short Botnet list and Cashing in on DoS

someone who wished to remain publicly unnamed answered me by saying:

I got chastised a little while ago, too, for a single post, and told that
it was my THIRD warning (having not received any at all before). Feh.

i can't think of anyone among all nanog posters since the beginning of time
who has not deserved to be smacked around at least once by our erstwhile
moderator for saying something on a dead thread or speaking offtopically.

i'm up to two warnings, and i think it's a lifetime quota not subject to
annual resets (in other words it's three, ever, not three in the last year).
it's really improved my thought processes. if i weren't about to say
something operationally relevant, i'd already have deleted this without
sending it. quality control for crowds is hard; for engineers, also hard;
for crowds of engineers, i can't imagine a way it can be accomplished, yet
here we all are.

so, i'd written:

> 2. Filter aggressively. Run a dark-net, and if one of your customers...

my nameless friend then asked me:

this sounds intriguing, but I'm not sure what it is. Is it sort of an
internal honeypot NETWORK?

it goes by several names. network telescope, darknet, etc. i called it
a darknet above only because rob thomas calls it that, and he'd recently
given a talk at the dns-oarc members meeting on this precise topic.
yes, it's like a honeypot in some ways (but robt probably winced just
now, as he read me saying that.) most of rob's talk is echoed by his web
site, which is a good read.

my own "darknet"-like project is wired up to a database that can answer
questions like "what are the worst 25 sources of undesirable smtp since
the last time i reset the database?" today's answer is:

smtpk=> select * from top25_bysrc;
       src | howmany | earliest | latest