To report a botnet PRIVATELY please email: [EMAIL PROTECTED]

J. Oquendo wrote:
> John Fraizer wrote:
>> Access to ATLAS data is
>> limited to ATLAS partners for multiple reasons, not the least of which
>> being preventing the miscreants from knowing precisely how it is
>> gathered, vetted and redistributed.
> And my further discussions with them didn't entail getting the keys to
> their kingdom's riches. It solely involved processing the IP addresses
> of attackers.

You completely missed the entire concept of "open source intelligence",
didn't you?

>> By limiting the scope of participants in the ATLAS project to known,
>> trusted and highly vetted individuals who are themselves highly invested
>> in the success of the project and who can provide large quantities of
>> high confidence intelligence to the ATLAS project itself, Arbor is
>> taking crucial steps towards circumventing open source intelligence
>> gathering against the project itself.
> Define "trusted individuals" someone who puts enough money in your pocket?

Um, how's this: Not you.   Seriously though, if you have to ask for a
definition, it is painfully obvious that this is beyond the scope of
what can be explained to you.

>> "What?  I've never seen any publicity about NSPs working together to do
>> this and if it's not in the news and being blogged about, it just isn't
>> happening!"
> But whose fault is this? I would love to be able to ramble on my blog
> about contacting provider X and how good they were at addressing the
> issue. I've gone on countless mailing lists and asked "does someone have
> a contact at X provider". ( ... A
> simple bruteforcer script which would log information from bruteforce
> attackers. I used to parse that out with sed and awk and contact most
> network operators while in between doing work, etc.
> To this date, the most helpful individual has been Dave at REN-ISAC.

Dave Monnier and I cross paths pretty much on a daily basis.  He's a good
guy and an invaluable resource to the community.  I'm glad he was able
to help you out.  I also hope you'll understand that those of us who do
hold the keys to the kingdom are unlikely to jump out of the shadows
every time some squirrel yells, "Help!  Someone scanned me and set off
my ZoneAlarm!"  We have finite resources to apply to an infinite number
of issues.

While you might consider someone trying to bruteforce ssh on your b0xen
to be a high priority, it falls way below collecting forensics and doing
flow analysis on a child pornography ring or tracking and mitigating
state sponsored cyberterrorism being perpetrated against a DoE site in
my book.

>> You neglected to make your point so, I'll take this time to make mine
>> again:
>>>> There is a lot going on in the shadows to combat botnets and other
>>>> miscreant activities that most folks don't have credentials to know
>>>> about.
> I don't disagree with you; in fact I wholeheartedly agree there are a lot
> of idiots out there. Some of which I would like to personally introduce to
> the bottom of my Pumas. However, there are some of us in the industry
> who do whatever it takes to try and make our own networks safe.

Um, I don't recall using the word idiot.  I wasn't belittling anyone.  I
was pointing out that just because you don't know about something going
on doesn't mean that it isn't going on.  The "bad guys" aren't just
15-y/o zit-faced punks trying to impress their friends anymore.  It is
organized crime, terrorists, rogue nations, etc.  These people don't
have any more of a problem putting a bullet in your head than they do
sending a ping-flood your way.  For that reason, among others, the
intelligence gathering and mitigation activities are conducted under the
cloak of secrecy.  It's all about operational security.


All list and server information are public and available to law enforcement 
upon request.