Re: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-10 Thread Luke S Crawford
goe...@anime.net writes: On Fri, 8 Aug 2009, Luke S Crawford wrote: 1. are there people who apply pressure to ISPs to get them to shut down botnets, like maps did for spam? sadly no. ... Why do you think this might be? Fear of (extralegal) retaliation by botnet owners? or fear of

Re: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-10 Thread goemon
On Mon, 10 Aug 2009, Luke S Crawford wrote: goe...@anime.net writes: On Fri, 8 Aug 2009, Luke S Crawford wrote: 1. are there people who apply pressure to ISPs to get them to shut down botnets, like maps did for spam? sadly no. ... Why do you think this might be? Fear of (extralegal)

Re: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-10 Thread Nathan Ward
On 10/08/2009, at 8:11 PM, goe...@anime.net wrote: such a list would include all of chinanet and france telecom. it would likely not last long. You've mentioned France twice now. Is there a big botnet problem there? I've never heard of anything like that. I'll admit I don't follow this area

Re: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-10 Thread Jared Mauch
On Aug 10, 2009, at 5:34 AM, Nathan Ward na...@daork.net wrote: On 10/08/2009, at 8:11 PM, goe...@anime.net wrote: such a list would include all of chinanet and france telecom. it would likely not last long. You've mentioned France twice now. Is there a big botnet problem there? I've

RE: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-10 Thread Tomas L. Byrnes
Why do you think this might be? Fear of (extralegal) retaliation by botnet owners? or fear of getting sued by listed network owners? [TLB:] No more than any anti-spam RBL or is the idea (shunning packets from ISPs that host botnets) fundamentally unsound? [TLB:] That's an ongoing raging

RE: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-08 Thread Frank Bulk
] Sent: Saturday, August 08, 2009 3:15 AM To: Roland Dobbins Cc: NANOG list Subject: Re: Botnet hunting resources (was: Re: DOS in progress ?) Roland Dobbins rdobb...@arbor.net writes: On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote: 2. is there a standard way to push a null-route

Re: Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-08 Thread goemon
On Fri, 8 Aug 2009, Luke S Crawford wrote: 1. are there people who apply pressure to ISPs to get them to shut down botnets, like maps did for spam? sadly no. I've got 50 gigs of packet captures, and have been going through with perl to detect IPs who send me lots of tcp packets with 0

Botnet hunting resources (was: Re: DOS in progress ?)

2009-08-07 Thread Luke S Crawford
Jorge Amodio jmamo...@gmail.com writes: Are folks seeing any major DOS in progress ? Twitter seems to be under one and FB is flaky. From what I understand, it's quite common. I got hammered last week. It took out some routers at my upstream (it was a tcp syn flood attack, a whole lot of