Botnet hunting resources (was: Re: DOS in progress ?)

goemon at anime.net goemon at anime.net
Mon Aug 10 03:11:34 CDT 2009


On Mon, 10 Aug 2009, Luke S Crawford wrote:
> goemon at anime.net writes:
>> On Fri, 8 Aug 2009, Luke S Crawford wrote:
>>> 1. are there people who apply pressure to ISPs to get them to shut down
>>> botnets, like maps did for spam?
>> sadly no.
> ...
>
> Why do you think this might be?  Fear of (extralegal) retaliation by
> botnet owners?  or fear of getting sued by listed network owners?   or is
> the idea (shunning packets from ISPs that host botnets)  fundamentally unsound?

such a list would include all of chinanet and france telecom. it would 
likely not last long.

what do you do when rogue networks are state owned?

> If someone sufficiently trustworthy produced a BGP feed of networks that
> were unresponsive to abuse complaints, do you think other networks would use
> it to block traffic?

no.

> I mean, ultimately I think that having several providers of such feeds 
> with differing levels of aggression would be the best case, but someone 
> has got to go first.

consider how much time and effort it took to get intercage shut down and 
you'd realize it's pretty much a lost cause.

-Dan




More information about the NANOG mailing list