automatic rtbh trigger using flow data

• Previous message (by thread): automatic rtbh trigger using flow data
• Next message (by thread): automatic rtbh trigger using flow data
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 31 Aug 2018, at 6:47, Aaron Gould wrote:

> I'm really surprised that you all are doing this based on source ip, 
> simply because I thought the distribution of botnet members around the 
> world we're so extensive that I never really thought it possible to 
> filter based on sources, i

Using S/RTBH to drop attack sources has been a valid and useful 
mitigation tactic for close to 20 years.  Any kind of modern router 
scales up to large numbers of sources; and note that S/RTBH isn't 
limited to /32s.

It's discussed in this .pdf preso:

<https://app.box.com/s/xznjloitly2apixr5xge>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

• Previous message (by thread): automatic rtbh trigger using flow data
• Next message (by thread): automatic rtbh trigger using flow data
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]