[110024] in North American Network Operators' Group


Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to

daemon@ATHENA.MIT.EDU (Nathan Ward)
Fri Dec 19 22:50:47 2008

From: Nathan Ward <nanog@daork.net>
To: nanog list <nanog@nanog.org>
In-Reply-To: <494C651C.8020508@psg.com>
Date: Sat, 20 Dec 2008 16:50:40 +1300
Errors-To: nanog-bounces@nanog.org

On 20/12/2008, at 4:23 PM, Randy Bush wrote:

>>> speaking as a small provider, I can tell you that I find running snort
>> against my inbound traffic does reduce the cost of running an abuse desk.
>> I do catch offenders before I get abuse@ complaints, sometimes.
>
> unfortunately snort does not really scale to a larger provider.   
> and, to the best of my poor knowledge, good open source tools to  
> black-hole/redirect botted users are not generally available.  
> universities have some that are good at campus and enterprise scale.
>
> cymru and a few security researchers responded privately to my plea  
> for solid open source tool sets and refs.  knowing the folk  
> involved, maybe we'll see some motion.  patience is a virtue, within  
> limits.


If you're talking about throughput, Tilera recently (April)  
demonstrated 10Gbit/s snort on their TILE64 processors.
http://tilera.com/news_&_events/press_release_080429_snort.php

Not sure if anyone has them in products at the moment though.

--
Nathan Ward





