To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
John Fraizer wrote:

> Access to ATLAS data is
> limited to ATLAS partners for multiple reasons, not the least of which
> being preventing the miscreants from knowing precisely how it is
> gathered, vetted and redistributed.

And my further discussions with them didn't entail getting the keys to
their kingdom's riches. It solely involved processing the IP addresses
of attackers.

> By limiting the scope of participants in the ATLAS project to known,
> trusted and highly vetted individuals who are themselves highly invested
> in the success of the project and who can provide large quantities of
> high confidence intelligence to the ATLAS project itself, Arbor is
> taking crucial steps towards circumventing open source intelligence
> gathering against the project itself.

Define "trusted individuals" someone who puts enough money in your pocket?

> "What?  I've never seen any publicity about NSPs working together to do
> this and if it's not in the news and being blogged about, it just isn't
> happening!"

But who's fault is this? I would love to be able to ramble on my blog
about contacting provider X and how good they were at addressing the
issue. I've gone on countless mailing lists and asked "does someone have
a contact at X provider". (http://www.infiltrated.net/bfOld/) ... A
simple bruteforcer script which would log information from bruteforce
attackers. I used to parse that out with sed and awk and contact most
network operators while in between doing work, etc.

To this date, the most helpful individual and has been Dave at REN-ISAC.
When I was running a brute force list of ssh bots. I would send him
information and he via REN-ISAC would contact the appropriate
individuals to get those networks clean. I did this on my own spare time
somewhat of an "safe network" activist for lack of better terms. If
there was ANYONE who would have helped I would have publicly said thank
you. I wasn't doing it for money, notoriety, I was doing it for the sake
of thinking I could make a difference.

> You neglected to make your point so, I'll take this time to make mine
again:

>>> There is a lot going on in the shadows to combat botnets and other
>>> miscreant activities that most folks don't have credentials to know
about.
>>>

I don't disagree with you in fact I wholeheartedly agree there are a lot
 idiots out there. Some of which I would like to personally introduce to
the bottom of my Puma's however, there are some of us in the industry
who do whatever it takes try and make our own networks safe.

Maybe its me hoping to get some engineer who knows damn well his network
is dirty to perhaps disconnect his user until his user gets cleaned up,
what the solution is, I don't think there is a full(fool)proof solution.
I DO BELIEVE though that if say an NSP was to start holding their
clients responsible, things would be a lot different. If I were a NSP,
NAP, etc. with a couple of /24's and someone on one of them passing bad
traffic, take your money off my system. It wouldn't be worth it to me in
the long run. And this is the part I don't understand, either IT IS
WORTH IT, or companies just like throwing money away.

As for your other comments on my DS3 pricing... Of course its a ripoff,
we've all told management about the pricing... We're just workers the
same as anyone else.


-- 
====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Reply via email to