reviving the [email protected] mailing list: a new statregy in fighting cyber crime

Gadi Evron ge at
Thu Aug 28 07:50:34 CDT 2008

The public [email protected] mailing list, where malicious activity on the Internet can 
be openly shared, has been revived, and boy is it active.

Warning: live samples and malicious URLs are openly shared there.

NANOG relevance: These can be operationally used by ISP security 
operators not of those "in the know" to block new attacks and to identify 
abusers in their own networks.

Reminder: this mailing list was started to take off-topic traffic from

Mailing list URL:

Reasons, thinking and explanations:

A couple of years ago I started a mailing list where folks not necessarily 
involved with the vetted, trusted, closed and snobbish circles of cyber crime 
fighting (some founded by me) could share information and be informed of 

In this post I explore some of the history behind information sharing online, 
and explain the concept behind the botnets mailing list. Feel free to skip 
ahead if you find the history boring. Also, do note the history in this post is 
mixed with my own opinions. As I am one of the only people who where there in 
the beginning though and lived through all of it, I feel free to do so (in my 
own blog post).

As I conclude, we may not be able to always share our resources, but it is time 
to change the tide of the cyber crime war, and strategize. One of the 
strategies we need to use, or at least try, is public information sharing of 
"lesser evils" already in the public domain.


To fight a war, you have to be involved and engaged. On the Internet that is 
very difficult, but the Russians found a way. It is a fact that while we made 
much progress in our efforts fighting cyber crime, we had nearly no effect 
what-so-ever on the criminals and the attackers. Non. They maintain their 
business and we play at writing analysis and whack-a-mole.

Using the botnets mailing list, I am burrowing a page from the apparent Russian 
cyber war doctrine, getting people involved, engaged. Personally aware and a 
part of what's going on.

It can't hurt us, and perhaps now, four years over-due and two years after the 
previous attempt, we may be ready to give it a go and test the concept.

 	Gadi Evron.

"You don't need your firewalls! Gadi is Israel's firewall."
     -- Itzik (Isaac) Cohen, "Computers czar", Senior Deputy to the Accountant General,
        Israel's Ministry of Finance, at the government's CIO conference, 2005.

     (after two very funny self-deprication quotes, time to even things up!)

My profile and resume:

More information about the NANOG mailing list