nanog mailing list archives

RE: Blackholes and IXs and Completing the Attack.


From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sat, 2 Feb 2008 21:50:51 GMT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -- "Ben Butler" <ben.butler () c2internet net> wrote:

The effect of this would be that any BotNet controlled hosts in the
other member network would now be able to drop any attack traffic in
their network on destination at their customer aggregation routers.

I think you might have thought I was suggesting we blackhole sources in
other people's networks - this is definitely not what I was saying.

So, given we all now understand each other - why is no one doing the
above?

We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively
black-holed.

At least that way, people can deal with cleaning up the end-systems
in their own way, at their own pace, while the amount of malicious
activity is effectively "crippled".

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHpOWyq1pz9mNUZTMRAhtLAJwLNH9Ie+mE0106NlY6Qdy43uag1gCgv7wq
le4yfSlaa2kUHtchC2X+bbQ=
=4P1g
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/

