[91804] in North American Network Operators' Group
Re: [Full-disclosure] what can be done with botnet C&C's?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sun Aug 13 15:34:41 2006
Date: Sun, 13 Aug 2006 19:32:43 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <44DF6A40.1060901@kanren.net>
To: Michael Nicks <mtnicks@kanren.net>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
On Sun, 13 Aug 2006, Michael Nicks wrote:
> attack, and mitigate/stop the traffic. I think it certainly is possible
> to accomplish this on a per-router level, but being able to have the
> devices communicate and share information between one another is a
> completely separate thing. (New protocol perhaps.)
reference TIDP ... which is like (sort of) Flow-Spec, only not piggybacked
upon BGP and with possibly some extra functionality wrt 'doing the right
thing' on each platform in question. Also, TIDP doesn't have to be tied to
a device that runs a routing protocol...
>
> The only real method that I really have in my toolkit to stop incoming
> DDoS on an AS-wide perspective is originating a /32 within an AS with a
> next-hop of a discard interface.
reference TIDP and FlowSpec (if you have 'discard interface' you already
have flow-spec)
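As an added illustration of the two mechanisms this exchange contrasts (not configuration from either poster), the sketch below puts the "/32 with a discard next-hop" remotely-triggered blackhole beside a Flow-Spec rule for the same victim, in Junos-style syntax; the addresses, the 65000:666 community and the policy names are assumed values.

```junos
/* RTBH: one internal /32 anchored on a discard next-hop. Any iBGP /32 that
   carries the blackhole community is rewritten to point at it, so every
   router in the AS drops traffic to the victim. The victim goes dark by
   design; the trade-off is completing the DoS on that one host to protect
   the rest of the network. */
routing-options {
    static {
        route 192.0.2.1/32 discard;           /* discard-route anchor (assumed) */
    }
    /* Flow-Spec alternative: match on more than the destination, so only the
       attack traffic (here UDP from source port 53 to the victim) is dropped
       and the victim's other services stay reachable. */
    flow {
        route DROP-DNS-REFLECTION {
            match {
                destination 203.0.113.10/32;  /* assumed victim address */
                protocol udp;
                source-port 53;
            }
            then discard;
        }
    }
}
policy-options {
    community BLACKHOLE members 65000:666;    /* assumed community value */
    policy-statement RTBH-IMPORT {
        term blackhole {
            from {
                protocol bgp;
                community BLACKHOLE;
                route-filter 0.0.0.0/0 prefix-length-range /32-/32;
            }
            then {
                next-hop 192.0.2.1;           /* resolves to the discard route */
                accept;
            }
        }
    }
}
protocols {
    bgp {
        group ibgp {
            type internal;
            family inet {
                unicast;
                flow;                         /* carries Flow-Spec routes over BGP */
            }
            import RTBH-IMPORT;
        }
    }
}
```

The prefix-length filter matters: without it a mis-tagged aggregate would be blackholed AS-wide, so keep the blackhole term restricted to host routes and log which peers are allowed to set the community.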