To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

Personally -- and please don't misinterpret this as a product pitch -- I like the approach that we (Trend Micro) have taken with our ICSS/BASE platform, and that is, once "bad" behavior has been detected, we can simply send the suspected "bad" system to a "walled-garden" for either quarantine or remediation.

Deactivating the end system is a non-starter in ISP-land, where it would mean lost revenue -- they ain't gonna do it.

Give them a tool to detect, report, quarantine, and/or remediate, and that (I believe) is a much better approach.

$.02,

- ferg

-- "Desai, Ashish" <[EMAIL PROTECTED]> wrote:

One approach is to de-activate the customer's network access and hope they call the ISP customer support. When you de-activate, you put a notation against the customer account that they have a BOT/infection. Most ISPs/businesses have decent CRM systems that allow you to put text notations against a customer account. We told the reps to have the customer install Anti-Virus software.

You control the deactivation rate, so you can control the flow of calls to the customer support team. It increases the cost of customer support but is a nice way of not having to call the customer.

We did this and it works quite well at 10 customers a day. The problem is when the customer continues to get re-infected. It's a little frustrating to the customer but the process seems to work. There is no compliance checking model; once the customer calls we re-activate their access. We deactivate after a couple of days if they still show signs of infection.

Ashish

-----Original Message-----
From: Gadi Evron [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 16, 2006 7:46 AM
To: [email protected]
Subject: [botnets] QoS and bot traffic

......

How can this be done using today's technology? Does it require re-design of hardware or new systems to be designed?

I hope to find out and get a proposal ready,

Gadi.

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
