[nsp-sec] IMPORTANT: DDoS-RS Reminders
Huopio Kauto
Kauto.Huopio at ficora.fi
Mon Dec 13 04:11:18 EST 2010
> The text feed provides a large amount of
> information about these hosts, including what we call the "services
> bit", a flag indicating whether or not non-IRC services are known to
> exist on a host. These are usually web services. The BGP feed, of
> course, cannot provide all of this information, it is simply a list of
> /32s provided via eBGP. It is important to note, though, that any hosts
> with the services bit set (ie, hosts with non-IRC services on them) are
> NOT advertised via the BGP feed - consumers of the DDoS-RS will have to
> use the text feed if they wish to take action on hosts with the services
> bit set, as we feel the more conservative policy is best on the BGP feed.
Now the tricky bit here: if an IRC server is used for C&C activity
_and_ as a discussion forum for whatever group/groups, what are the
criteria to list or not to list?
--Kauto
FICORA/CERT-FI