To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
John Fraizer wrote:

> OK. If a service provider (ISP/MSP/*SP) is buying bandwidth based on
> data transferred vs raw line rate of the transport medium, there are two
> words to describe that provider: "Mom & Pop".  It is just that simple.

Regardless of mom and pop how about calling them "a customer" regardless
if they're paying you 1,000.00 or 1,000,000.00

> The overwhelming majority of malware we're seeing is not sourcing from
> RFC1918 space and much of it is intelligent enough not to scan into
> RFC1918 space and while I agree that RFC1918 should not ever make it
> past the CPE, let alone the customer aggregation router, access-lists
> are not where it's at.

Filtering was used as an example and I didn't want to add bogon's
because of the arguments behind them. I could have added RBL's SORBS,
etc., and filtering and acronyms until my face turned blue. It was
posted as a briefer... There is something that can be done.

> The use of uRPF in strict mode on customer
> facing interfaces would be a nice start though.  Strange that the author
> has so much supposed experience but they leave the most easily
> implemented filtering option out of their critique.

See above

> As for using ip audit and ip cef, they have their place but, any
> respectable provider is going to be collecting netflow exports from
> their routers and doing automated analytics on that flow information
> using any one of several publicly available netflow collectors - perhaps
> even augmented by a commercial solution such as the Arbor PeakFlow SP.

You're right I should have posted about Peakflow, I've spoken I've dealt
with Sunil James in hopes I could create an open source protection
script based off of Arbor's data for the sake of (drum roll...)
protecting networks that might not be able to afford Peakflow... Guess
what... "We're sorry"...: So instead of just talking crap I took the
time to do what I thought was productive...

The ATLAS Initiative wrote:
> Jesus,
> Are you looking to do this for your own managed devices, or for
devices you manage for customers?
> Sunil
> --------------------------------------------
> Sunil James | [EMAIL PROTECTED]
> Product Manager
> Arbor Networks Inc. |
> 734.821.1460 work | 734.327.9048 fax
> PGP KeyID: 0xA18E302F
> --------------------------------------------
> On Jun 8, 2007, at 1:27 PM, J. Oquendo wrote:
>> The ATLAS Initiative wrote:
>>> Dear Jesus,
>>> Thank you for expressing interest in ATLAS. Today, only select ATLAS
partners and customers can access the private portal. Tomorrow, however,
Arbor will be making available a web services-based ATLAS subscription
service that can be pulled directly into pre-existing security
offerings. If you'd like to be kept apprised of this future Arbor
product offering, or If your interest is of another nature, please reply
with a brief description of what you're looking to accomplish, and a
good time next week when we can chat further.
>>> Best regards,
>>> Sunil James
>>> Product Manager
>>> --------------------------------------------
>>> The ATLAS Initiative | [EMAIL PROTECTED]
>>> Arbor Networks Inc. |
>>> 734.327.0000 work | 734.327.9048 fax
>>> PGP KeyID: 0x99A512EB
>>> --------------------------------------------
>> I was looking to utilize some of the host based information Atlas
gathers in order to automatically block these hosts via firewalls and
IDS/IPS equipment.
>> --====================================================
>> J. Oquendo
>> echo|sed 's/^/sil@/g'
>> "Wise men talk because they have something to say;
>> fools, because they have to say something." -- Plato
I'm looking to do this so I can return an open source tool for anyone
looking for something similar.

// End snip

> As for "access-list oneliners", if you want to see a router melt down,
> go ahead and apply an ACL to block that 2 million packets per second,
> 2Gb/s DDoS heading towards your customer.  Let us know how that works
> out for ya, OK?

You missed the point where I rambled on about having NSP's contact their
downstreams and work with them to mitigate things to a point so where it
never gets there. If all the big players did that, AT&T, Verizon, BT,
etc., do you think there would be a such thing as a botnet.

As for the rest of your counterpoints, well taken however I go back to mine:

> It's easy to be a little stub ISP or better yet, an end-user and start
> pointing the finger screaming and yelling about what others have been
> doing.  Come back and talk to me when your smallest network drain is
> OC48 and you're connecting pops with multiple OC192 links.
> There is a lot going on in the shadows to combat botnets and other
> miscreant activities that most folks don't have credentials to know about.
> ~John

engineers will get their acts together as opposed to spending the time
“engineering” an email to a mailing list to dispel what’s posted here.

sil / Author of the article.

J. Oquendo
"Excusatio non petita, accusatio manifesta"
sil . infiltrated @ net

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.

Reply via email to