North American Network Operators Group
Re: [Full-disclosure] what can be done with botnet C&C's?
On Sun, 13 Aug 2006, Michael Nicks wrote:

> attack, and mitigate/stop the traffic. I think it certainly is possible
> to accomplish this on a per-router level, but being able to have the
> devices communicate and share information between one another is a
> completely separate thing. (New protocol perhaps.)

reference TIDP ... which is like (sort of) Flow-Spec, only not piggybacked
upon BGP and with possibly some extra functionality wrt 'doing the right
thing' on each platform in question. Also, TIDP doesn't have to be tied to
a device that runs a routing protocol...

>
> The only real method that I really have in my toolkit to stop incoming
> DDoS on an AS-wide perspective is originating a /32 within an AS with a
> next-hop of a discard interface.

reference TIDP and FlowSpec (if you have 'discard interface' you already
have flow-spec)