automatic rtbh trigger using flow data
hugo at slabnet.com
Fri Aug 31 15:15:35 UTC 2018
On Fri 2018-Aug-31 06:59:29 +0700, Roland Dobbins <rdobbins at arbor.net> wrote:
>On 31 Aug 2018, at 6:47, Aaron Gould wrote:
>>I'm really surprised that you all are doing this based on source
>>ip, simply because I thought the distribution of botnet members
>>around the world we're so extensive that I never really thought it
>>possible to filter based on sources, i
>Using S/RTBH to drop attack sources has been a valid and useful
>mitigation tactic for close to 20 years. Any kind of modern router
>scales up to large numbers of sources; and note that S/RTBH isn't
>limited to /32s.
>It's discussed in this .pdf preso:
I would love an upstream that accepts flowspec routes to get granular about
drops and to basically push "stateless ACLs" upstream.
Hugo Slabbert | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E | also on Signal
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: Digital signature
More information about the NANOG