Blackholes and IXs and Completing the Attack.
Paul Ferguson
fergdawg at netzero.net
Sat Feb 2 21:50:51 UTC 2008
-- "Ben Butler" <ben.butler at c2internet.net> wrote:
>The effect of this would be that any BotNet controlled hosts in the
>other member network would now be able to drop any attack traffic in
>their network on destination at their customer aggregation routers.
>
>I think you might have thought I was suggesting we blackhole sources in
>other people's networks - this is definitely not what I was saying.
>
>So, given we all now understand each other - why is no one doing the
>above?
We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively
black-holed.
At least that way, people can deal with cleaning up the end-systems
in their own way, at their own pace, while the amount of malicious
activity is effectively "crippled".
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/