[102259] in North American Network Operators' Group

Re: Blackholes and IXs and Completing the Attack.

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Sat Feb 2 21:01:18 2008

From: Roland Dobbins <rdobbins@cisco.com>
To: NANOG <nanog@merit.edu>
In-Reply-To: <20080202.135051.656.0@webmail08.vgs.untd.com>
Date: Sun, 3 Feb 2008 08:45:30 +0700
Errors-To: owner-nanog@merit.edu



On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote:

> We (Trend Micro) do something similar to this -- a black-hole BGP
> feed of known botnet C&Cs, such that the C&C channel is effectively
> black-holed.

What's the trigger (pardon the pun, heh) and process for removing IPs  
from the blackhole list post-cleanup, in Trend's case?

Is there a notification mechanism so that folks who may not subscribe  
to Trend's service but who are unwittingly hosting a botnet C&C are  
made aware of same?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

	Culture eats strategy for breakfast.

            -- Ford Motor Company



