Blackholes and IXs and Completing the Attack.

Paul Ferguson fergdawg at netzero.net
Sat Feb 2 21:50:51 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Ben Butler" <ben.butler at c2internet.net> wrote:

>The effect of this would be that any BotNet controlled hosts in the
>other member network would now be able to drop any attack traffic in
>their network on destination at their customer aggregation routers.
>
>I think you might have thought I was suggesting we blackhole sources in
>other people's networks - this is definitely not what I was saying.
>
>So, given we all now understand each other - why is no one doing the
>above?

We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively
black-holed.

At least that way, people can deal with cleaning up the end-systems
in their own way, at their own pace, while the amount of malicious
activity is effectively "crippled".

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHpOWyq1pz9mNUZTMRAhtLAJwLNH9Ie+mE0106NlY6Qdy43uag1gCgv7wq
le4yfSlaa2kUHtchC2X+bbQ=
=4P1g
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



