Botnet hunting resources
J.D. Falk
jdfalk-lists at cybernothing.org
Tue Aug 11 17:52:46 UTC 2009
Jack Bates wrote:
> J.D. Falk wrote:
>> Hi, Luke! MAAWG recently published a document to help ISPs deal with
>> infected machines in their networks. It's not the same kind of
>> pressure, but (as we learned with open relays at MAPS) pressure isn't
>> very effective unless there are tools available to deal with the problem.
>
> It could also use a lot more resources? Watching traffic flows for
> traffic destined to known C&C addresses is nice, but including a pointer
> to a resource that actually gives those addresses is much more useful.
> For those who don't deal with it every day, the document just says they
> need to spend even more time with Google.
I'll share your comments with the document authors. They're treating it as
a living document, with updates expected regularly.
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
More information about the NANOG mailing list