nanog mailing list archives

RE: Avalanche botnet takedown


From: Steve Mikulasik <Steve.Mikulasik () civeo com>
Date: Thu, 1 Dec 2016 22:18:06 +0000

We need a cost-effective and performant way of blocking botnet traffic in SP networks. Fact is the only way to enforce 
network policy is from within the network. Laws, putting the onus on users, notifying infected users, etc. will never 
work. We can't expect to solve them all, but at least make it more difficult by a large margin to run these things. For 
example blacklisting domains where spam is coming from doesn't stop the problem, but it does help in a big way.

Over 800k domains, but I bet they were not using nearly that many IPs. It would be nice to take info from various 
honeypots about CNC servers and just blackhole those IPs in one way or another very quickly. I don't want to suggest a 
method of doing this, just as an idea to play around with.


-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Scott Weeks
Sent: Thursday, December 1, 2016 1:45 PM
To: nanog () nanog org
Subject: Re: Avalanche botnet takedown




--- rfg () tristatelogic com wrote:
From: "Ronald F. Guilmette" <rfg () tristatelogic com>

The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases.  It is attacking 
itself.  And its immune system, such as it is, clearly ain't working.  There's going to come a day of reckoning when it 
will no longer be possible to paper over this sad and self-evident fact.  (And no, I'm *not* talking about the fabled 
"Digital Pearl Harbor".  I'm talking instead about the Internet equivalent of the meteor that wiped out the dinosaurs.)
---------------------------------------------------


What is your suggestion to keep the sky from falling?

scott

