[Dshield] Interesting Zombie Data Graphs

Pete Cap peteoutside at yahoo.com
Fri Nov 11 15:35:15 GMT 2005

--- Mark <markt442 at yahoo.com> wrote:
> In the US, an ISP can only perform "limited
> monitoring" with the staff they have. If they go
> further, they must staff to fix the problem.

I can see why you'd think so, but actually simple
traffic analysis can tell you a lot.  The amount of
information you can learn from netflow analysis alone
is staggering.  And, it can be automated: As a lazy
person--err, an "efficiency expert," I'm fine with
letting the big iron handle all the complex dirty work
for me and then e-mail me a list of potential botnet
victims and control channels.

Comcast and the rest of the IT industry are behind on
this because IT types are not engineers,
mathematicians, or analysts.  They excel at installing
networks and troubleshooting connectivity problems,
but I think most people working in security can tell
you, their expertise in other areas is usually pretty
limited :\


