To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ---------- Jim Becher wrote:
>>Sending out put reports like this makes us no better then >>spammers as far as clogging resources. >>Going full bore, I was reporting approx 25,000 spams a day, >>so that's how many Emails I was mailing out to "abuse" email >>boxes. I'm just one guy, Imagine of I had release this out in >>PD, and everyone else was doing it... ISPs would get flooded >>with reports, people would get careless and not filter their >>spam properly, leaving non-spam with the spam... worse case >>is that the poor hapless individual will loose their internet >>connection or Email. >> >> > > >John, > > I was advocating a single e-mail to the abuse contact with a list of >machines that are victims. > Right - thats what I meant by aggrigating my reports... group them by ISP. Put all the ComCrap data in one file, in CSV form so the ISP can import them into whatever DB they are using. I can even let them pick what fields of data they want... Mostly it's the IP, Date (but which date), etc. Lets talk about dates... this has always been a sticking point with me. First off, you can never be sure the dates are right. Even large ISP's dont give a flying fuck about their clocks. Expecially joe schmoe's infected gateway computer. Then, which dates to use... date the mail was originally sent? Date the last email was relayed to MY mail server? I use the latter because it's that date and time it got sent out... and would more likely match the ISP's Logs. >The e-mail should originate from a single >cooperative organization (MyNetwatchman, SANS, dshield, or the like). I >agree that if an e-mail was generated, by each organization that sees the >botnet, for each victim machine to the abuse contact -- it would be chaos. > > And (sigh) the ISP's want it that way.... Sheesh... there are way too many packets flying around the net - why make it worse? John _______________________________________________ botnets mailing list To report a botnet PRIVATELY please email: [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
