i am not a list moderator, but i do have a request

which is, please move these threads to a non-SP mailing list.

R [ 41: Danny McPherson ] Re: mitigating botnet C&Cs has become useless
R [ 22: "Laurence F. Sheldon]
R < 45: Danny McPherson >
R [ 62: "Laurence F. Sheldon]
R [ 162: "J. Oquendo" ] Re: [Full-disclosure] what can be done with botnet C&C's?
R < 211: "Payam Tarverdyan Ch>
R [ 66: Michael Nicks ]

i already apologized to the moderators for participating in a non-ops thread
here. there are plenty of mailing lists for which botnets are on-topic.
nanog is not one and should not become one. nanog has other useful purposes.

--
Paul Vixie

I second that emotion.

Chris Jester
Suavemente, INC.
SplitInfinity Networks
619-227-8845

AIM: NJesterIII
ICQ: 64791506


Paul Vixie wrote:

which is, please move these threads to a non-SP mailing list.

R [ 41: Danny McPherson ] Re: mitigating botnet C&Cs has become useless
R [ 22: "Laurence F. Sheldon]
R < 45: Danny McPherson >
R [ 62: "Laurence F. Sheldon]
R [ 162: "J. Oquendo" ] Re: [Full-disclosure] what can be done with botnet C&C's?
R < 211: "Payam Tarverdyan Ch>
R [ 66: Michael Nicks ]

i already apologized to the moderators for participating in a non-ops thread
here. there are plenty of mailing lists for which botnets are on-topic.
nanog is not one and should not become one. nanog has other useful purposes.

We have already enough botnets DoSsing the net. We don't need nondisclosed
botlists DoSsing this forum.

We both agree
Peter and Karin

Interestingly enough, I lurk here 99.999% of the time. I comment
on this thread and folks ask to move it to a non-SP mailing list? Perhaps
non-operational, but this certainly has direct implications on SPs and
I'm of the opinion it's quite relevant - well, certainly as relevant as the
past recent threads:

SORBS Contact
New Latop Policies
Fingerprinting and SPAM ID
MPLS Gear for Outside Plant
[perhaps] Fedex Contact
Citrix Load-balancing
Detecting Parked Domains

I suppose it's more "what I feel like reading and sending email about", as
opposed to whether/what's on topic or not. I'm done with this thread on
NANOG - else the slew of "me too" responses on this "list moderator" thread
will divert attention from alternative cruft...

Wondering if I should send a message to NANOG every time I see a thread
of questionable NANOG relevance,

-danny

Dear all,

Interestingly enough, I lurk here 99.999% of the time. I comment
on this thread and folks ask to move it to a non-SP mailing list? Perhaps
non-operational, but this certainly has direct implications on SPs and
I'm of the opinion it's quite relevant - well, certainly as relevant as the
past recent threads:

I waited to see where this discussion would go, but that's exactly the
point. In my opinion, it's really interesting and necessary to be
informed about topics like botnets. It would be a failure if these
topics weren't discussed any longer on this list. Also, it isn't that
big a problem to filter topics for oneself for relevance or no
relevance.

Just my two cents.

Regards
Thomas Kuehling

Paul, apparently, we are in disagreement! :)

Botnets are an operational issue affecting most of every large carrier to
moms&pops service provider here.

I believe a lot of the information about botnets, which is not that
complex, is being held in secret for no reason, and I release it when
possible.

Most importantly, though, this discussion has not devolved into personal
accusations, unrelated issues or flames. It is still on-track for what is
being discussed and as most members are expected, not just need to, deal
with the issue, they are chiming in.

Those who are not interested in this on-topic subject for so many here,
should just start another. No one can be expected to be interested in
everything.

This is probably one of the more active and interesting discussions in the
past year which are ON-TOPIC.

Now, unless we discuss reverse engineering, sandboxing or perhaps
encryption, how are botnets, DDoS created by botnets and botnet
mitigation, plus ISP-wide handling not on-topic?

Now tell me, aside to BGP issues, etc. how many people here have had to
deal with DDoS, botnets, C&C killing and tracking, etc.? on a daily
basis?

How many here are interested in understanding operational implications,
and then actual things that can be implemented on networks to combat the
problem?

As this is one of the closest issues related to net-ops discussed here
this year, I'd suggest picking more on-topic subjects in general.

This is a meta discussion, so I suppose according to the guidelines it
should be taken to nanog-futures where we can <beep> about it for a
week?

Thanks,

  Gadi.

Paul, apparently, we are in disagreement! :)

Botnets are an operational issue affecting most of every large carrier to
moms&pops service provider here.

I believe a lot of the information about botnets, which is not that
complex, is being held in secret for no reason, and I release it when
possible.

...

This is probably one of the more active and interesting discussions in the
past year which are ON-TOPIC.

If this is all we have to talk about and it is on-topic, then NANOG has
failed, and we need a new list where people can actually discuss network
operations.

I have to agree... I joined this list a few weeks ago, and am pretty
sad at the garbage I have to sift through. It's more of a FLAME Thrower
if you ask me.

I'm giving it another few days, and I'm off to looking for other lists
that are much more useful than this deal here.

Robert Hantson
CTO/CIO - Network Operations
QBOS, Inc.
Dallas, TX

>
> Paul, apparently, we are in disagreement! :)
>
> Botnets are an operational issue affecting most of every large carrier to
> moms&pops service provider here.
>
> I believe a lot of the information about botnets, which is not that
> complex, is being held in secret for no reason, and I release it when
> possible.
...
> This is probably one of the more active and interesting discussions in the
> past year which are ON-TOPIC.

If this is all we have to talk about and it is on-topic, then NANOG has
failed, and we need a new list where people can actually discuss network
operations.

Who is stopping you? Either to raise subjects you deem appropriate, or to
start another list?

The fact this thread is more successful than most others is in my opinion
an indicator of interest. That said..

What's operational to some may not be operational to others. That said,
either raise a subject, contribute to one, or ignore the ones you don't
like unless they are declared off-charter.

No?

  Gadi.

Admittedly, discussions about how to mitigate a botnet are less on topic than
discussing how to fix a BGP wedgie. On the other hand, it's very hard to
launch a DDoS big enough to need mitigating unless you have a botnet to launch
it from. Even Mafiaboy knew that one.

So if you get rid of the botnets, you get rid of the 2AM alerts that a DDoS is
in progress. And 2AM alerts are operational, at least in my book.

How many people asking nicely will it take before you take the hint?
Why don't _you_ start another list. IIRC, you already have. Please consider using it, since I am pretty sure there's no question as to whether you'd be on-topic there.

Thanks!
matto

--matt@snark.net------------------------------------------<darwin><
   Moral indignation is a technique to endow the idiot with dignity.
                                                 - Marshall McLuhan