North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: Blackholes and IXs and Completing the Attack.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Ben Butler" <ben.butler@xxxxxxxxxxxxxx> wrote: >The effect of this would be that any BotNet controlled hosts in the >other member network would now be able to drop any attack traffic in >their network on destination at their customer aggregation routers. > >I think you might have thought I was suggesting we blackhole sources in >other peoples networks - this is definatly not what I was saying. > >So, given we all now understand each other - why is no one doing the >above? We (Trend Micro) do something similar to this -- a black-hole BGP feed of known botnet C&Cs, such that the C&C channel is effectively black-holed. At least that way, people can deal with cleaning up the end-systems in their own way, at their own pace, while the amount of malicious activity is effectively "crippled". - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHpOWyq1pz9mNUZTMRAhtLAJwLNH9Ie+mE0106NlY6Qdy43uag1gCgv7wq le4yfSlaa2kUHtchC2X+bbQ= =4P1g -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/