> Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS
> based on such connections to a honeypot. Any system which made the correct
> request could then have it's address published via BGP or DNS for ISPs and
> the like to do as they wish.
an infected host dnsrbl doesnt sound like a bad idea...