Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]
nanog at daork.net
Fri Dec 19 21:50:40 CST 2008
On 20/12/2008, at 4:23 PM, Randy Bush wrote:
>>> speaking as a small provider, I can tell you that I find running
>> against my inbound traffic does reduce the cost of running an abuse
>> I do catch offenders before I get [email protected] complaints, sometimes.
> unfortunately snort does not really scale to a larger provider.
> and, to the best of my poor knowledge, good open source tools to
> black-hole/redirect botted users are not generally available.
> universities have some that are good at campus and enterprise scale.
> cymru and a few security researchers responded privately to my plea
> for solid open source tool sets and refs. knowing the folk
> involved, maybe we'll see some motion. patience is a virtue, within
If you're talking about throughput, Tilera recently (April)
demonstrated 10Gbit/s snort on their TILE64 processors.
Not sure if anyone has them in products at the moment though.
More information about the NANOG