nanog mailing list archives
Re: [Full-disclosure] what can be done with botnet C&C's?
From: "Christopher L. Morrow" <christopher.morrow () verizonbusiness com>
Date: Sun, 13 Aug 2006 19:32:43 +0000 (GMT)
On Sun, 13 Aug 2006, Michael Nicks wrote:
attack, and mitigate/stop the traffic. I think it certainly is possible to accomplish this on a per-router level, but being able to have the devices communicate and share information between one another is a completely separate thing. (New protocol perhaps.)
reference TIDP ... which is like (sort of) Flow-Spec, only not piggybacked upon BGP and with possibly some extra functionality wrt 'doing the right thing' on each platform in question. Also, TIDP doesn't have to be tied to a device that runs a routing protocol...
The only real method that I really have in my toolkit to stop incoming DDoS on a AS-wide perspective is originating a /32 within an AS with a next-hop of a discard interface.
reference TIDP and FlowSpec (if you have 'discard interface' you already have flow-spec)
Current thread:
- Re: [Full-disclosure] what can be done with botnet C&C's? J. Oquendo (Aug 13)
- Re: [Full-disclosure] what can be done with botnet C&C's? Payam Tarverdyan Chychi (Aug 13)
- Re: [Full-disclosure] what can be done with botnet C&C's? Michael Nicks (Aug 13)
- Re: [Full-disclosure] what can be done with botnet C&C's? Christopher L. Morrow (Aug 13)
- Re: [Full-disclosure] what can be done with botnet C&C's? Payam Tarverdyan Chychi (Aug 13)
- RE: [Full-disclosure] what can be done with botnet C&C's? Jordan Medlen (Aug 17)
- RE: [Full-disclosure] what can be done with botnet C&C's? Jordan Medlen (Aug 17)
- RE: [Full-disclosure] what can be done with botnet C&C's? Gadi Evron (Aug 17)
- RE: [Full-disclosure] what can be done with botnet C&C's? Jordan Medlen (Aug 17)
- Re: [Full-disclosure] what can be done with botnet C&C's? Valdis . Kletnieks (Aug 17)
- RE: [Full-disclosure] what can be done with botnet C&C's? Jordan Medlen (Aug 17)
- Re: [Full-disclosure] what can be done with botnet C&C's? Michael Nicks (Aug 13)
- Re: [Full-disclosure] what can be done with botnet C&C's? Payam Tarverdyan Chychi (Aug 13)
- RE: [Full-disclosure] what can be done with botnet C&C's? Jordan Medlen (Aug 17)
- RE: [Full-disclosure] what can be done with botnet C&C's? Gadi Evron (Aug 17)
- Re: [Full-disclosure] what can be done with botnet C&C's? virendra rode // (Aug 17)