advise on network security report
wessorh at ar.com
Mon Oct 30 17:23:43 UTC 2006
> It would interesting to know how you classify "incidents" in the
> table below....
any one of the following:
o being put on a major DNS black list (spamcop, spamhaus, ahbl etc.)
o hosting malware or phishing sites, open proxies
o sending LOTS of SPAM, virus
o IRC abuse
o Botnet C&C
o hoping glue/fast flux
o abusive, vulnerable web servers
Should I track other things? I'm always open to new data sources...
More information about the NANOG