Re: Are botnets relevant to NANOG?

[Rick Wesson <wessorh () ar com>]

for this community would trend analysis with the best of who is getting 
better and the worst of who is getting worse and some baseline counts be 
enough for this group to understand if the problem is getting better.

I am suggesting that NANOG is an appropriate forum to publish general 
stats on who the problem is getting better/worse for and possibly why 
things got better/worse.

I'd like to see a general head nod that there is a problem and develop 
some stats so we can understand if it is getting better or worse.



-rick


Fergie wrote:
> Not effective against botnets.
>
> Think of it this way, thousands of compromised hosts (zombies),
> distributed to the four corners of the Internet, hundreds (if
> not thousands) of AS's -- all recieving their instructions via
> IRC from a C&C server somewhere, that probably also may change
> due to dynamic DNS, or pump-and-dump domain registrations, or
> any other various ways to continually move the C&C.
>
> Simply going after (what may _seem_to_be_) the last-hop router
> is like swinging a stick after a piñata that you can't actually
> reach when you are blind-folded. :-)
>
> - ferg
>
>
> -- Peter Dambier <peter () peter-dambier de> wrote:
>
> Just an afterthought, traceroute and take the final router. I guess for
> aDSL home users you will find some 8 or 11 routers in germany. My final
> router never changes. Of course there can hide more than one bad guy
> behind that router.
>
> [snip]
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg () netzero net or fergdawg () sbcglobal net
>  ferg's tech blog: http://fergdawg.blogspot.com/