nanog mailing list archives
Re: Blackholes and IXs and Completing the Attack.
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Sun, 3 Feb 2008 03:57:48 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Roland Dobbins <rdobbins () cisco com> wrote:
On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote:We (Trend Micro) do something similar to this -- a black-hole BGP feed of known botnet C&Cs, such that the C&C channel is effectively black-holed.What's the trigger (pardon the pun, heh) and process for removing IPs
from the blackhole list post-cleanup, in Trend's case?
We have a team that does the vetting/validation and when the C&Cs are taken down (or "decommissioned") they are removed from the feed.
Is there a notification mechanism so that folks who may not subscribe
to Trend's service but who are unwittingly hosting a botnet C&C are made aware of same?
Well, we try to notify the owners of the identified hosts, but it is not always successful... and sometimes the sheer churn is prohibitive. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHpTu1q1pz9mNUZTMRAu+CAJ94j6AgqZgrMQ6b8HoPLyy4zBRcNgCfejWn dAE2T+i2MtvpAJ2PNJmdTpc= =N+iF -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Current thread:
- RE: Blackholes and IXs and Completing the Attack., (continued)
- RE: Blackholes and IXs and Completing the Attack. Ben Butler (Feb 03)
- Re: Blackholes and IXs and Completing the Attack. Christopher Morrow (Feb 03)
- Re: Blackholes and IXs and Completing the Attack. Matthew Moyle-Croft (Feb 03)
- Re: Blackholes and IXs and Completing the Attack. Danny McPherson (Feb 02)
- RE: Blackholes and IXs and Completing the Attack. Ben Butler (Feb 02)
- Re: Blackholes and IXs and Completing the Attack. Paul Vixie (Feb 02)
- RE: Blackholes and IXs and Completing the Attack. Ben Butler (Feb 02)
- RE: Blackholes and IXs and Completing the Attack. Paul Ferguson (Feb 02)
- Re: Blackholes and IXs and Completing the Attack. Roland Dobbins (Feb 02)
- FW: Blackholes and IXs and Completing the Attack. Ben Butler (Feb 02)
- Re: Blackholes and IXs and Completing the Attack. Paul Ferguson (Feb 02)