Botnet hunting resources (was: Re: DOS in progress ?)

Frank Bulk frnkblk at
Sat Aug 8 11:35:42 CDT 2009

Some hardcore stuff on S/RTBH here:
id=112 (which
appears to have replaced


-----Original Message-----
From: Luke S Crawford [mailto:lsc at] 
Sent: Saturday, August 08, 2009 3:15 AM
To: Roland Dobbins
Cc: NANOG list
Subject: Re: Botnet hunting resources (was: Re: DOS in progress ?)

Roland Dobbins <rdobbins at> writes:

> On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:
> > 2. is there a standard way to push a null-route on the attackers
> > source IP upstream?
> Sure - if you apply loose-check uRPF (and/or strict-check, when you
> can do so) on Cisco or Juniper routers, you can combine that with the
> blackhole to give you a source-based remotely-triggered blackhole, or
> S/RTBH.  You can do this at your edges, and you *may* be able to
> arrange it with other networks with whom you connect (i.e., scope
> limited to your link with them).

Ah, nice.  Thank you, that is exactly what I was looking for.
I'll read up on it this weekend and see if I can talk my provider into
letting me push that upstream.

Luke S. Crawford         -   Hosting for the technically adept   -   We don't assume you are stupid.  
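
The mechanism Roland Dobbins describes above (loose-check uRPF combined with a blackhole route for the offending source), as a small Python model added here for illustration; it is not part of the original thread and it is not router configuration. The class and function names, the discard next hop 192.0.2.1 and every prefix are constructed for the example, and the default route is assumed to satisfy the loose check.

```python
import ipaddress

# Constructed values: the discard next hop and every prefix below are sample data.
DISCARD_NEXT_HOP = "192.0.2.1"

class EdgeRouter:
    def __init__(self):
        self.fib = {}  # ip_network -> next hop (an interface name or an IP address)

    def add_route(self, prefix, next_hop):
        self.fib[ipaddress.ip_network(prefix)] = next_hop

    def resolve(self, addr, depth=4):
        """Longest-prefix match with recursive next-hop resolution; None if no route."""
        ip = ipaddress.ip_address(addr)
        matches = [net for net in self.fib if ip in net]
        if not matches or depth == 0:
            return None
        hop = self.fib[max(matches, key=lambda net: net.prefixlen)]
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return hop  # not an address, so it is an interface name
        return self.resolve(hop, depth - 1)

    def forward(self, src, dst):
        # Loose-check uRPF: the source must have some route, and not one to Null0.
        # Simplification: the default route is allowed to satisfy the check.
        if self.resolve(src) in (None, "Null0"):
            return "drop:urpf"
        out = self.resolve(dst)
        return out if out not in (None, "Null0") else "drop:no-route"

def trigger_blackhole(routers, source_ip):
    """Stands in for the trigger's announcement: a /32 via the discard next hop."""
    for router in routers:
        router.add_route(f"{source_ip}/32", DISCARD_NEXT_HOP)

def demo():
    edge = EdgeRouter()
    edge.add_route("0.0.0.0/0", "upstream0")
    edge.add_route("203.0.113.0/24", "customer0")
    edge.add_route(f"{DISCARD_NEXT_HOP}/32", "Null0")  # static discard route
    before = edge.forward("198.51.100.7", "203.0.113.10")
    trigger_blackhole([edge], "198.51.100.7")
    after = edge.forward("198.51.100.7", "203.0.113.10")
    bystander = edge.forward("198.51.100.8", "203.0.113.10")
    return before, after, bystander
```

Calling `demo()` returns the forwarding decision for the same flow before and after the trigger, plus one for a neighbouring source that was never blackholed.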
