advise on network security report

Steve Atkins steve at blighty.com
Mon Oct 30 17:32:15 UTC 2006



On Oct 30, 2006, at 9:23 AM, Rick Wesson wrote:

>
> Fergie wrote:
>> Rick,
>> It would interesting to know how you classify "incidents" in the
>> table below....
>
> any one of the following:
>
>  o being put on a major DNS black list (spamcop, spamhaus, ahbl etc.)
>  o hosting malware or phishing sites, open proxies
>  o sending LOTS of SPAM, virus
>  o IRC abuse
>  o Botnet C&C
>  o hoping glue/fast flux
>  o abusive, vulnerable web servers

Some of those are clearly ludicrous to count as "incidents" at all,  
and some
of them aren't obviously a single incident, by any reasonable measure  
so if you're
planning to aggregate them all together into a single count the end
result is also going to be worthless. Some other way of aggregating
the data might be more useful.

(I also suspect that a subjective popularity contest list of  
providers is
not likely to be viewed as operational by many on nanog, though I
think some of the underlying data might be).

Cheers,
   Steve



More information about the NANOG mailing list