advise on network security report

Rick Wesson wessorh at
Mon Oct 30 17:23:43 UTC 2006

Fergie wrote:
> Rick,
> It would interesting to know how you classify "incidents" in the
> table below....

any one of the following:

  o being put on a major DNS black list (spamcop, spamhaus, ahbl etc.)
  o hosting malware or phishing sites, open proxies
  o sending LOTS of SPAM, virus
  o IRC abuse
  o Botnet C&C
  o hoping glue/fast flux
  o abusive, vulnerable web servers

Should I track other things? I'm always open to new data sources...


More information about the NANOG mailing list