[Dshield] Dalnet being used as a C&C server

Dalvenjah FoxFire dalvenjah at DAL.NET
Wed Jun 20 18:04:48 GMT 2007


I'd just like to chime in on this thread. I want to point out that
DALnet first received notice of this issue at abuse at dal.net at 4:45PM PDT;
the channel involved was blocked from use at 10:05PM PDT. That's what I
would consider an excellent 5 hour response time; it also appears from this
thread that confirmation was received that action was taken at around
the same time.

The apparent continuing discussion of "well I don't know if I trust that,
let's pursue blocking DALnet" troubles me. As someone who has for upwards
of ten years tried to get ISPs to harden their configurations and remove
abusers, I would be very happy with a 24 hour response time, let alone 5 hours.

I would like to point out that DALnet is entirely volunteer, and it does
not have a 24/7 NOC or abuse desk. We haven't always been perfect at
responding to abuse issues, but we do try our best, and I like to think
we're one of the better ones.

I applaud what you guys are doing and appreciate that chasing botnets
is a thankless job -- but I would ask you to reserve the harshest
countermeasures for the truly nonresponsive sites, and not use the
"well I've got a hammer, everything looks like a nail" approach.

If there are still abusive users using DALnet in regards to botnets
that we aren't aware of, please do e-mail abuse at dal.net or contact
someone on IRC, and we'll address the issue.

Thanks in advance,



