2 Feb 2008, 8:45 p.m.
On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote:
> We (Trend Micro) do something similar to this -- a black-hole BGP feed of known botnet C&Cs, such that the C&C channel is effectively black-holed.
What's the trigger (pardon the pun, heh) and process for removing IPs from the blackhole list post-cleanup, in Trend's case? Is there a notification mechanism so that folks who may not subscribe to Trend's service but who are unwittingly hosting a botnet C&C are made aware of same?

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@cisco.com> // 408.527.6376 voice

Culture eats strategy for breakfast.

-- Ford Motor Company