North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: short Botnet list and Cashing in on DoS

  • From: Hannigan, Martin
  • Date: Wed Oct 20 15:16:47 2004


> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> Paul Vixie
> Sent: Thursday, October 07, 2004 12:29 PM
> To: nanog@merit.edu
> Subject: Re: short Botnet list and Cashing in on DoS
> 
> 
> 
> > > ..., a-la spamhaus. Bothaus anyone?
> > 
> > The problem with that is the list rapidly updates and must 
> be maintained
> > with some level of frequency and there's a level of trust 
> involved in it
> > as well.
> 
> i consider www.cymru.com to be an excellent beginning toward 
> that goalset.
> 
> > Going after the bots is lesser effort.  The controllers are 
> a priority.
> 
> wide scale BCP38 conformity is the only way any of this will 
> ever happen.


You mean the bots? The controllers are behind the bots. Also, 
in John's presentation..:

http://www.nanog.org/mtg-0410/pdf/kristoff.pdf

[..]we additionally request that they resolve the RR to 127.0.0.3
before they lock out and reload the zone.

We picked 127/8 as the standard. RFC 1918 wasn't suitable
for obvious reasons.

-M