To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

J. Oquendo wrote:
> 
> You're right I should have posted about Peakflow, I've spoken I've dealt
> with Sunil James in hopes I could create an open source protection
> script based off of Arbor's data for the sake of (drum roll...)
> protecting networks that might not be able to afford Peakflow... Guess
> what... "We're sorry"...: So instead of just talking crap I took the
> time to do what I thought was productive...
> 

And I don't blame them at all.  What part of "Arbor Networks, *INC*
(emphasis on the INC part) is hard to understand?  They are a commercial
entity.  That have spent tons and tons of money developing and deploying
their architecture.  What kind of return on investment are they going to
see if they give away they keys to the kingdom?  Access to ATLAS data is
limited to ATLAS partners for multiple reasons, not the least of which
being preventing the miscreants from knowing precisely how it is
gathered, vetted and redistributed.

In the intelligence business, there is this nifty little thing called
"open source intelligence".  The concept is pretty simple.  Most
non-OPSEC savvy people think for some misguided reason that they can
drop little "hints" while not divulging the whole secret and that it
isn't such a big deal.  They couldn't be more wrong though.

One person "dropping hints" (purposeful or not) is not always going to
drop the same hint.  Before long, he has dropped enough individual
pieces of the puzzle for the adversary to put them together and find out
the big picture.

Typically, there is more than one person dropping hints so, the amount
of time required to put the puzzle together is reduced for the adversary.

The "open source" comes from the fact that the adversary didn't have to
do anything covert to gather the intelligence.  It was provided to them
one puzzle piece at a time by people who didn't see "any harm" in
letting their guard down "just a little bit."  Just like a jugsaw puzzle
 of a boat or airplane though, you don't have to put the whole puzzle
together before you know without a doubt what is in the picture.

By limiting the scope of participants in the ATLAS project to known,
trusted and highly vetted individuals who are themselves highly invested
in the success of the project and who can provide large quantities of
high confidence intelligence to the ATLAS project itself, Arbor is
taking crucial steps towards circumventing open source intelligence
gathering against the project itself.


> 
>> As for "access-list oneliners", if you want to see a router melt down,
>> go ahead and apply an ACL to block that 2 million packets per second,
>> 2Gb/s DDoS heading towards your customer.  Let us know how that works
>> out for ya, OK?
> 
> You missed the point where I rambled on about having NSP's contact their
> downstreams and work with them to mitigate things to a point so where it
> never gets there. If all the big players did that, AT&T, Verizon, BT,
> etc., do you think there would be a such thing as a botnet.
> 

I didn't miss anything.  I work with all three of the providers you
listed above, along with many, many others on a daily basis in *active*
mitigation of nefarious activities across the globe.

"What?  I've never seen any publicity about NSPs working together to do
this and if it's not in the news and being blogged about, it just isn't
happening!"

You don't get to debrief the SEAL teams, Marine Force Recon, the SAS or
the Israeli Commando units either so, I suppose that their clandestine
activities aren't happening either, huh?

> As for the rest of your counterpoints, well taken however I go back to mine:
> 

You neglected to make your point so, I'll take this time to make mine again:

>>
>> There is a lot going on in the shadows to combat botnets and other
>> miscreant activities that most folks don't have credentials to know about.
>>
>>
>> ~John


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iD8DBQFG9B83+16lRpJszIgRAlHBAJ9Jq5oNiuIdMAEDR1hbNeHrh6I/9ACdH8id
zP7mKbsTITj7I8Bgm2mC4us=
=A9yV
-----END PGP SIGNATURE-----
_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Reply via email to