Re: automatic rtbh trigger using flow data

[Hugo Slabbert <hugo () slabnet com>]

On Fri 2018-Aug-31 06:59:29 +0700, Roland Dobbins <rdobbins () arbor net> wrote:

> On 31 Aug 2018, at 6:47, Aaron Gould wrote:
>
> > I'm really surprised that you all are doing this based on source 
> > ip, simply because I thought the distribution of botnet members 
> > around the world we're so extensive that I never really thought it 
> > possible to filter based on sources, i
>
> Using S/RTBH to drop attack sources has been a valid and useful 
> mitigation tactic for close to 20 years.  Any kind of modern router 
> scales up to large numbers of sources; and note that S/RTBH isn't 
> limited to /32s.
>
> It's discussed in this .pdf preso:
>
> <https://app.box.com/s/xznjloitly2apixr5xge>

I would love an upstream that accepts flowspec routes to get granular about 
drops and to basically push "stateless ACLs" upstream.

_keeps dreaming_

--
Hugo Slabbert       | email, xmpp/jabber: hugo () slabnet com
pgp key: B178313E   | also on Signal

Attachment: signature.asc
Description: Digital signature