On Apr 9, 2015, at 3:01 PM, Matt Olney (molney) <molney@cisco.com> wrote:
In response to Sameer Khosla's comment that we should work with the entire service provider community:
Talos is the threat intelligence group within Cisco. We absolutely welcome discussions with any network operator on how we can improve the state of security on the Internet. Please contact me directly via email and we can have a discussion about how we can work together going forward.
While I agree that the (at least temporary) mitigation of the threat was overall a good thing, I'm not really happy with the method used. Decisions to drop/block/filter traffic should be done locally. I would have appreciated Talos coming to the various *nog lists and saying something like "Hey, there's some really bad guys here. Here's the evidence of their bad behavior, you really should block them." That probably would have had a wider reach than just going to Level3. --Chris