-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Ben Butler" <ben.butler@c2internet.net> wrote:
The effect of this would be that any BotNet controlled hosts in the other member network would now be able to drop any attack traffic in their network on destination at their customer aggregation routers.
I think you might have thought I was suggesting we blackhole sources in other peoples networks - this is definatly not what I was saying.
So, given we all now understand each other - why is no one doing the above?
We (Trend Micro) do something similar to this -- a black-hole BGP feed of known botnet C&Cs, such that the C&C channel is effectively black-holed. At least that way, people can deal with cleaning up the end-systems in their own way, at their own pace, while the amount of malicious activity is effectively "crippled". - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHpOWyq1pz9mNUZTMRAhtLAJwLNH9Ie+mE0106NlY6Qdy43uag1gCgv7wq le4yfSlaa2kUHtchC2X+bbQ= =4P1g -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/