SANS ISC: IETF Draft for Remediation of Bots in ISP Networks - SANS Internet Storm Center SANS ISC InfoSec Forums

IETF Draft for Remediation of Bots in ISP Networks

A new IETF draft document, focused on how ISPs may detect botnet infections among their subscribers, how to notify customers, and end-user recommendations to remediate the infection, has been published today:

The document sets out the current state of the art and best practices for botnet detection, threat communications between parties, and especially notifications to Internet users via multiple methods: mail, phone, web portals, IM, SMS, etc.

The authors are looking for feedback from the community, so if you belong to an ISP or are interested in the topic, contact Nirmal Mody (one of the authors) by e-mail. The contact details are at the end of the IETF draft document.

Raul Siles

Sep 16th 2009
Whatever happened to "pull the plug and let the user phone in"?
Basically, ISPs must define & check if this is allowed in their terms of service. Actions like this (IPS-style) require them to be very sure that the user is infected, avoiding false positives, so their detection capabilities must be improved first.
Raul Siles