RFC: public efforts in the botnets realm

Gadi Evron ge at linuxbox.org
Mon May 22 07:11:36 UTC 2006

Hi, this is an FYI. A discussion will now commence on the DA list to try
and measure if public efforts are indeed a good idea, and how much good
vs. bad they cause in the fight against botnets, distributed denial of 
service attacks, Internet survivability and online crime, as it can
indeed be measured.

I would also like the community's opinion on the subject at hand, so that
we can relay it and make a more client-oriented decision (take the needs
of the community into consideration as well).



---------- Forwarded message ----------
Date: Mon, 22 May 2006 02:02:48 -0500 (CDT)
From: Gadi Evron <ge at linuxbox.org>
To: <closed botnets list>
Subject: public efforts

Hi guys. Our public efforts in the botnet realm thus far consist
of *mainly*:
1. The monthly C&C report.
2. Public botnet reporting to us.
3. Public discussion list.

The monthly report is now largely accepted by most in the net-ops
community as reliable, and it meets the test of scrutiny. We had some
early bumps on how we represent data, what data we want to show and what
information we want to deduce from it - but I think we are there now.

Public botnet reporting to us is going great. I stopped relaying them to
the list as it is extremely time consuming for me, but they are dealt
with. As soon as a volunteer who doesn't just want to talk to the press
and take them off my back but also do this work comes along, we will get
these again here too.

The public discussion list has in my opinion brought an immense public
awareness, law enforcement interest and industry work. Little to no new
information was divulged there that the Bad Guys would not already know
with their gigs of bot sources and exchange networks (not to mention
support web forums). That's just my opinion, feel free to chime in.

The monthly reports are great, as is getting data from the public of
net-ops and sys-admins. The discussion list is on a tight leash, but I
would like those of you who have been monitoring it and disagree with me
to do so here and tell us why we failed there.

If we indeed see the [email protected] list as a success, I would like us to move
forward and divulge more redundant already public information to the
public, and help move the cause along further than by classifying every
bit of useless information as top secret.

Thanks, I am looking forward to your input,


"In a good cause, there are no failures, only delayed successes".
	~Isaac Asimov, "In a Good Cause".

More information about the NANOG mailing list