Are botnets relevant to NANOG?
Martin Hannigan
hannigan at renesys.com
Fri May 26 23:28:57 UTC 2006
At 07:09 PM 5/26/2006, Rick Wesson wrote:
>for this community would trend analysis with the best of who is
>getting better and the worst of who is getting worse and some
>baseline counts be enough for this group to understand if the
>problem is getting better.
>
>I am suggesting that NANOG is an appropriate forum to publish
>general stats on who the problem is getting better/worse for and
>possibly why things got better/worse.
>
>I'd like to see a general head nod that there is a problem and
>develop some stats so we can understand if it is getting better or worse.
>
We all know there is a problem. Botnets/zombies/et. al. are the
number one threat to the infrastructure and the attacks may be deliberate or
they may be a distraction. The motive is unclear because attacking,
for example, root servers, is an effort without some obvious economic
incentive, at least that I can see. It doesn't make a lot of sense because
the conventional wisdom before they open recursive attacks was that
it was in the miscreants best interest to not attack infrastructure
so that it could facilitate their reachable "goals".
The DA report went through a large thread(s) to post statistics here
and I'm not sure why yours will be any better, or, just another set
of statistics which further de-sensitizes everyone to the problem. I
mean, it looks like, all of a sudden, the DNS community has a big
problem with these open recursive attacks, ran off privately, and
have now determined that it's a feature, not a bug, and well, heck,
operators are now responsible. I am not saying that is the answer, but
I am saying I am reading the OARC comments and this is sort of what
it fees like. As much as Gadi seems to appropriate others credit,
Randy Vaugh and him have been doing this work for some time and
deserves some credit so I'd say "have you spoken to them about how
to make their report better" yet instead of "create more".
-M<
--
Martin Hannigan (c) 617-388-2663
Renesys Corporation (w) 617-395-8574
Member of Technical Staff Network Operations
hannigan at renesys.com
More information about the NANOG
mailing list