To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
On Mon, Jan 22, 2007 at 08:37:16AM -0500, J. Oquendo wrote:
> It would be nice if network operators
> joined in and blocked flagrant hosts until they got their act together.
> Something akin to an RBL only tailored for malware/virus infected
> websites.

We've been discussing this on NANOG a bit. It is easy enough to set up an RBL, but how do you enforce it? There was a MAPS DNS service that provided BGP-friendly data about known spam hosts. Unfortunately, when above.net started using it, the collateral damage was apparent; some people could talk to those IPs, some couldn't, and it all depended on if your traffic went through above.net, but it took someone who could interpret a traceroute to see what the problem was. Confusion reigned, and if I were an ISP with peering agreements with above.net, I'd be pretty unhappy that my transit traffic was being blackholed.

At least with a packet filter you can usually send a TCP reset or ICMP admin unreach.

Transparent proxying works pretty well, until it doesn't. It'd be nice if providers had setup scripts which set Windows users to use a proxy they controlled, and then they could tell users how to bypass it if they had problems. Or maybe there's another trick one could use; different routers for transparent filtering versus not?

> What I have noticed
> with some domains/networks/operators is, when you contact them and CC it
> to say a list whether it's a networking list, a security list, etc.,
> they're more inclined to fix things.

The fastest way to get a netblock blackholed is to report it to NANOG.

> To some this may be tacky, some may
> find it unprofessional but I find it gets the job done. Perhaps a
> warning in your email, "Next message will be sent to network mailing
> lists..."

The last legal spamhouse was kicked off the net by a coordinated DDoS against their backbone provider, who had always defended it as a "free speech" content-neutral kind of thing. I suppose flooding them with packets was just as free. Smacks of vigilante justice a bit, but I can't say I was sorry to see them go.

--
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>
_______________________________________________
All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
