23 Feb 2005, 2:49 a.m.
On Thu, 24 Feb 2005, Juha Saarinen wrote:
> On a more serious note, if wormy traffic of various kinds could be fingerprinted with a reasonable degree of accuracy, it could be useful.
There are papers out there on this, it's not that hard (grep "MX" in the query logs for your DNS servers for a start) especially if you have spent the big bucks to log all the customers' traffic already. The hard bit is doing something with the list of customers once you have identified them.

I gave a talk on this at nznog05, I assume you were in another one of the streams.

-- 
Simon J. Lyall. | Very Busy | Mail: simon(a)darkmere.gen.nz
"To stay awake all night adds a day to your life" - Stilgar | eMT.
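
The MX-lookup check suggested in the reply above, as an added example that is not part of the original message: it counts MX queries per client from a resolver query log, matching on the query-type field rather than a bare `grep MX` so that names such as `MX.example.org` do not count, and skips known mail servers. The BIND 9-style log layout, the function names `sample_log` and `mx_suspects`, the threshold and the allow-list are assumptions, and the log lines are constructed sample data.

```shell
#!/bin/sh
# Constructed sample lines in an assumed BIND 9-style query log layout:
#   <date> <time> client <ip>#<port>: query: <name> IN <type>
sample_log() {
cat <<'EOF'
24-Feb-2005 02:31:07.101 client 192.0.2.25#32770: query: example.net IN MX
24-Feb-2005 02:31:07.350 client 192.0.2.25#32771: query: example.org IN MX
24-Feb-2005 02:31:08.002 client 198.51.100.12#1045: query: www.example.com IN A
24-Feb-2005 02:31:08.120 client 198.51.100.12#1046: query: MX.example.org IN A
24-Feb-2005 02:31:08.400 client 198.51.100.12#1047: query: example.org IN MX
24-Feb-2005 02:31:09.010 client 198.51.100.77#2301: query: example.com IN MX
24-Feb-2005 02:31:09.015 client 198.51.100.77#2302: query: example.net IN MX
24-Feb-2005 02:31:09.020 client 198.51.100.77#2303: query: example.org IN MX
24-Feb-2005 02:31:09.026 client 198.51.100.77#2304: query: mail.example IN MX
24-Feb-2005 02:31:09.031 client 198.51.100.77#2305: query: EXAMPLE.com IN MX
EOF
}

# mx_suspects THRESHOLD [ALLOWED_IP...]   (hypothetical helper)
# Reads a query log on stdin and prints "<ip> <mx_queries> <distinct_names>"
# for every client outside the allow-list with at least THRESHOLD MX queries.
mx_suspects() {
    threshold=$1; shift
    allow=" $* "                      # space-padded so whole addresses match
    awk -v threshold="$threshold" -v allow="$allow" '
    {
        ip = ""; qname = ""; qtype = ""
        for (i = 1; i < NF; i++) {
            if ($i == "client") { ip = $(i + 1); sub(/#.*/, "", ip) }
            if ($i == "query:") qname = tolower($(i + 1))
            if ($i == "IN")     qtype = $(i + 1)
        }
        if (qtype != "MX" || ip == "") next      # query type, not substring
        if (index(allow, " " ip " ")) next       # known mail servers
        count[ip]++
        if (!((ip, qname) in seen)) { seen[ip, qname] = 1; names[ip]++ }
    }
    END {
        for (ip in count)
            if (count[ip] >= threshold) print ip, count[ip], names[ip]
    }' | sort
}

# Stand-alone run: threshold 3, with the mail relay 192.0.2.25 allow-listed.
sample_log | mx_suspects 3 192.0.2.25
```

The distinct-name column helps separate a host that retries one domain from one that is walking a list of recipient domains.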