Botnet List Discussed on NANOG

Sat Mandri wrote:

Hi Rick & Peter

We at Telecom NZ/Xtra are quite keen to learn from you guys how the following Statistical Data on "Botnet" was gathered and what's the initiative driving it.

We look forward to hearing from you guys on this matter.

Kind Regards

Sat Mandri

Hi Sat,

I built IASON to check and protect computer centres against
attackers. The first thing IASON did was analyzing logs on
routers, switches and everything.

Next step might be tuning firewalls and switches, if need
be, isolating devices from the net.

http://iason.site.voila.fr/
http://www.kokoom.com/iason/

I still have a little trouble with

Taking parts of IASON you can adapt it to count anything,
like:

Whenever a firewall, an xinetd or somebody else, sees activity
on a port that is known to be notorious for a bot then count and
remember that ip-address. That is a crude one but it gives you an
overview.

With tools like IASON, you could analyze your findings for
repeating patterns. Now you can identify the bots even after
they change ip-addresses.

Why did I build IASON in the first place?

Working for companies like GLC, Global Center and Exodus I got
tired of watching people in the NOC doing the same thing again
and again for hours. Their expertise was not knowledge but
pure typing speed.

IASON can type much faster and he even has time to read the
logs. With the core of IASON programmed in Prolog it might
even get a clue :-)

Cheers
Peter and Karin
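The counting approach Peter describes (remember every source address that touches a port known for bot traffic, then look for repeating patterns so the same actor is recognised after an address change) can be sketched in a few lines. The following is an added example written for this page, not IASON's code; the watched ports are placeholder values, and the iptables-style log lines are constructed for the demonstration.

```python
import re
from collections import Counter, defaultdict

# Ports treated as "notorious for a bot" in this example. These are
# placeholder values for illustration, not a real threat list.
WATCHED_PORTS = {6667, 4444, 31337}

# Constructed iptables-style firewall log lines (not real traffic).
SAMPLE_LOG = """\
Jan 12 03:14:01 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=6667
Jan 12 03:14:02 fw kernel: IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=4444
Jan 12 03:14:09 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=80
Jan 12 03:15:30 fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=51236 DPT=6667
Jan 12 03:15:31 fw kernel: IN=eth0 SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=51237 DPT=4444
Jan 12 03:16:00 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=443
"""

# Pull the source address and destination port out of each line.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")


def parse_events(log_text):
    """Yield (src_ip, dst_port) for every line the regex understands."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), int(m.group("dpt"))


def count_suspicious_sources(log_text, watched=WATCHED_PORTS):
    """The crude counter: hits per source address on a watched port."""
    hits = Counter()
    for src, dpt in parse_events(log_text):
        if dpt in watched:
            hits[src] += 1
    return hits


def port_patterns(log_text, watched=WATCHED_PORTS):
    """Group sources by the ordered sequence of watched ports they touched.

    Two addresses that probe the same ports in the same order end up in
    the same bucket, which is how the same behaviour can be spotted even
    after the bot moves to a new ip-address.
    """
    sequence_by_src = defaultdict(list)
    for src, dpt in parse_events(log_text):
        if dpt in watched:
            sequence_by_src[src].append(dpt)
    patterns = defaultdict(set)
    for src, ports in sequence_by_src.items():
        patterns[tuple(ports)].add(src)
    return patterns


if __name__ == "__main__":
    for src, n in count_suspicious_sources(SAMPLE_LOG).most_common():
        print(f"{src}: {n} hit(s) on watched ports")
    for pattern, sources in port_patterns(SAMPLE_LOG).items():
        if len(sources) > 1:
            print(f"pattern {pattern} seen from {sorted(sources)}")
```

On the constructed input the two 203.0.113.x addresses each score two hits and share the port sequence (6667, 4444), while 198.51.100.7 never appears because it only touched 80 and 443. A real deployment would feed the counters from the firewall's actual log format and maintain the watched-port list from a source the operator trusts.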