automatic rtbh trigger using flow data
Roland Dobbins
rdobbins at arbor.net
Thu Aug 30 23:59:29 UTC 2018
On 31 Aug 2018, at 6:47, Aaron Gould wrote:
> I'm really surprised that you all are doing this based on source ip,
> simply because I thought the distribution of botnet members around the
> world were so extensive that I never really thought it possible to
> filter based on sources, i
Using S/RTBH to drop attack sources has been a valid and useful
mitigation tactic for close to 20 years. Any kind of modern router
scales up to large numbers of sources; and note that S/RTBH isn't
limited to /32s.
It's discussed in this .pdf preso:
<https://app.box.com/s/xznjloitly2apixr5xge>
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>