nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Botnet hunting resources (was: Re: DOS in progress ?)

From: Luke S Crawford <lsc () prgmr com>
Date: 08 Aug 2009 04:15:04 -0400
Roland Dobbins <rdobbins () arbor net> writes:


On Aug 8, 2009, at 11:57 AM, Luke S Crawford wrote:


2. is there a standard way to push a null-route on the attackers
source IP upstream?


Sure - if you apply loose-check uRPF (and/or strict-check, when you
can do so) on Cisco or Juniper routers, you can combine that with the
blackhole to give you a source-based remotely-triggered blackhole, or
S/RTBH.  You can do this at your edges, and you *may* be able to
arrange it with other networks with whom you connect (i.e., scope
limited to your link with them).


Ah, nice.  thank you, that is exactly what I was looking for.  
I'll read up on it this weekend and see if I can talk my provider into letting
me push that upstream.


-- 
Luke S. Crawford
http://prgmr.com/xen/         -   Hosting for the technically adept
http://nostarch.com/xen.htm   -   We don't assume you are stupid.
Previous By Date Next
Previous By Thread Next

Current thread: