for this community would trend analysis with the best of who is getting better and the worst of who is getting worse and some baseline counts be enough for this group to understand if the problem is getting better. I am suggesting that NANOG is an appropriate forum to publish general stats on who the problem is getting better/worse for and possibly why things got better/worse. I'd like to see a general head nod that there is a problem and develop some stats so we can understand if it is getting better or worse. -rick Fergie wrote:
Not effective against botnets.
Think of it this way, thousands of compromised hosts (zombies), distributed to the four corners of the Internet, hundreds (if not thousands) of AS's -- all recieving their instructions via IRC from a C&C server somewhere, that probably also may change due to dynamic DNS, or pump-and-dump domain registrations, or any other various ways to continually move the C&C.
Simply going after (what may _seem_to_be_) the last-hop router is like swinging a stick after a piƱata that you can't actually reach when you are blind-folded. :-)
- ferg
-- Peter Dambier <peter@peter-dambier.de> wrote:
Just an afterthought, traceroute and take the final router. I guess for aDSL home users you will find some 8 or 11 routers in germany. My final router never changes. Of course there can hide more than one bad guy behind that router.
[snip]
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/