Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

Nathan Ward nanog at
Sat Dec 20 03:50:40 UTC 2008

On 20/12/2008, at 4:23 PM, Randy Bush wrote:

>>> speaking as a small provider, I can tell you that I find running  
>>> snort
>> against my inbound traffic does reduce the cost of running an abuse  
>> desk.
>> I do catch offenders before I get abuse@ complaints, sometimes.
> unfortunately snort does not really scale to a larger provider.   
> and, to the best of my poor knowledge, good open source tools to  
> black-hole/redirect botted users are not generally available.  
> universities have some that are good at campus and enterprise scale.
> cymru and a few security researchers responded privately to my plea  
> for solid open source tool sets and refs.  knowing the folk  
> involved, maybe we'll see some motion.  patience is a virtue, within  
> limits.

If you're talking about throughput, Tilera recently (April)  
demonstrated 10Gbit/s snort on their TILE64 processors.

Not sure if anyone has them in products at the moment though.

Nathan Ward

More information about the NANOG mailing list