Blackholes and IXs and Completing the Attack.

• Previous message (by thread): Blackholes and IXs and Completing the Attack.
• Next message (by thread): Blackholes and IXs and Completing the Attack.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote:

> We (Trend Micro) do something similar to this -- a black-hole BGP
> feed of known botnet C&Cs, such that the C&C channel is effectively
> black-holed.

What's the trigger (pardon the pun, heh) and process for removing IPs  
from the blackhole list post-cleanup, in Trend's case?

Is there a notification mechanism so that folks who may not subscribe  
to Trend's service but who are unwittingly hosting a botnet C&C are  
made aware of same?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

	Culture eats strategy for breakfast.

            -- Ford Motor Company

• Previous message (by thread): Blackholes and IXs and Completing the Attack.
• Next message (by thread): Blackholes and IXs and Completing the Attack.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]