[102251] in North American Network Operators' Group


RE: Blackholes and IXs and Completing the Attack.

daemon@ATHENA.MIT.EDU (Paul Ferguson)
Sat Feb 2 16:56:54 2008

From: "Paul Ferguson" <fergdawg@netzero.net>
Date: Sat, 2 Feb 2008 21:50:51 GMT
To: ben.butler@c2internet.net
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Ben Butler" <ben.butler@c2internet.net> wrote:

>The effect of this would be that any BotNet controlled hosts in the
>other member network would now be able to drop any attack traffic in
>their network on destination at their customer aggregation routers.
>
>I think you might have thought I was suggesting we blackhole sources in
>other people's networks - this is definitely not what I was saying.
>
>So, given we all now understand each other - why is no one doing the
>above?

We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively
black-holed.

At least that way, people can deal with cleaning up the end-systems
in their own way, at their own pace, while the amount of malicious
activity is effectively "crippled".

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHpOWyq1pz9mNUZTMRAhtLAJwLNH9Ie+mE0106NlY6Qdy43uag1gCgv7wq
le4yfSlaa2kUHtchC2X+bbQ=3D
=3D4P1g
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

