Re: botnet reporting by AS - what about you?
I can understand that -- right on. :-) One must understand that this whole thing is a moving target, and perhaps the reporting features are just now maturing (now Gadi, don't make a liar out of me). Insofar as as detection methodologies, I'll have to defer to Gadi to elaboarate (illustrate?) them for a wide audience. Cheers! - ferg p.s. For what it's worth, I got a bit bloody last month neutralizing a pertty large Pertibot infection in a client network -- it was, at that point, new and undetectable by most AV vendor ID mechanisms. Like I said, moving target, etc. "Hannigan, Martin" <hannigan@verisign.com> wrote: I was on it and unsubscribed. They wouldn't disclose the collection or validation process at that time. This made it useless for the most part as its hard to act on someones word without some idea of how they are getting their data and avoiding collateral damage. I'm not saying there aren't valid zombies on it, but my criteria for a list that identifies rogues includes trust. I have lists I felt were more trustworthy than DA. Things may have changed. Martin -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/
participants (1)
-
Fergie (Paul Ferguson)