Botnet hunting resources (was: Re: DOS in progress ?)
goemon at anime.net
goemon at anime.net
Mon Aug 10 08:11:34 UTC 2009
On Mon, 10 Aug 2009, Luke S Crawford wrote:
> goemon at anime.net writes:
>> On Fri, 8 Aug 2009, Luke S Crawford wrote:
>>> 1. are there people who apply pressure to ISPs to get them to shut down
>>> botnets, like maps did for spam?
>> sadly no.
> ...
>
> Why do you think this might be? Fear of (extralegal) retaliation by
> botnet owners? or fear of getting sued by listed network owners? or is
> the idea (shunning packets from ISPs that host botnets) fundamentally unsound?
such a list would include all of chinanet and france telecom. it would
likely not last long.
what do you do when rogue networks are state owned?
> If someone sufficiently trustworthy produced a BGP feed of networks that
> were unresponsive to abuse complaints, do you think other networks would use
> it to block traffic?
no.
> I mean, ultimately I think that having several providers of such feeds
> with differing levels of aggression would be the best case, but someone
> has got to go first.
consider how much time and effort it took to get intercage shut down and
you'd realize it's pretty much a lost cause.
-Dan
More information about the NANOG
mailing list