RE: drone armies C&C report - July/2005

Going further I think IL-CERT is doing a great service to the
Internet community. Their alerts allow responsible network
admins to investigate and to preserve their networks clean of
debris like spyware and trojans.

The point is that aged data is an eternity when you're
talking about botnets, worms, zombies, c/c's, etc which is
what made me wonder why it was being posted in the first
step. A month is a long time in botland.

Yes, I'm all for clean networks. Yes, IL CERT does as good
a job as any CERT, I'm sure.

-M<

> Going further I think IL-CERT is doing a great service to the Internet
> community. Their alerts allow responsible network admins to
> investigate and to preserve their networks clean of debris like spyware
> and trojans.

The point is that aged data is an eternity when you're talking about
botnets, worms, zombies, c/c's, etc which is what made me wonder why it
was being posted in the first step. A month is a long time in botland.

while i'm not the one posting it, i do see these summaries and i also see
much of the raw data that's being summarized, in real time, as it's found
and shared. AS owners/operators who want to get the data in real time have
already been told to send <ge@linuxbox.org> some e-mail asking for it. the
summaries are primarily useful for C&C's that are still alive a month later
even though plenty of notices have been sent to the relevant NOC's. in
other words it's sort of like defcon's "wall of sheep". i like the approach.