Botnet hunting resources

J.D. Falk jdfalk-lists at
Tue Aug 11 12:52:46 CDT 2009

Jack Bates wrote:

> J.D. Falk wrote:
>> Hi, Luke! MAAWG recently published a document to help ISPs deal with
>> infected machines in their networks. It's not the same kind of
>> pressure, but (as we learned with open relays at MAPS) pressure isn't
>> very effective unless there are tools available to deal with the problem.
> It could also use a lot more resources? Watching traffic flows for
> traffic destined to known C&C addresses is nice, but including a pointer
> to a resource that actually gives those addresses is much more useful.
> For those who don't deal with it every day, the document just says they
> need to spend even more time with Google.

I'll share your comments with the document authors.  They're treating it as 
a living document, with updates expected regularly.

J.D. Falk
Return Path Inc
