I surprised that nobody has mentioned the work of shadowserver.org, they are able to send reports of malware infections on your networks (see http://www.shadowserver.org/wiki/pmwiki.php/Services/Reports). The service has proved to a brilliant tool in mitigating various forms of malware such as Conficker with almost 0% false positives. Cheers Bradley -----Original Message----- From: Jack Bates [mailto:jbates@brightok.net] Sent: 11 August 2009 14:11 To: J.D. Falk Cc: NANOG Subject: Re: Botnet hunting resources J.D. Falk wrote:
Hi, Luke! MAAWG recently published a document to help ISPs deal with infected machines in their networks. It's not the same kind of pressure, but (as we learned with open relays at MAPS) pressure isn't very effective unless there are tools available to deal with the problem.
It could also use a lot more resources? Watching traffic flows for traffic destined to known C&C addresses is nice, but including a pointer to a resource that actually gives those addresses is much more useful. For those who don't deal with it every day, the document just says they need to spend even more time with google. Jack