On Wed, May 15, 2002 at 06:25:15PM -0700, PJ wrote:
> Granted. However, the suggestion to place said host/network into some sort of BGP black hole has its problems. The community as a whole
Keep in mind that this would be a subscription service. It's not as though the route would be announced to the entire net. If you're not comfortable with it, don't use it on your network (or change upstreams, if they're using it).
> already has an idea of which networks have a greater percentage of attacks originating from them; an alert is fine, a pre-emptive strike in the absence of an actual attack is not.
It's not permanent. There clearly would need to be some means of human intervention by which an entry can be removed. At worst, a compromised host is blackholed which will get someone's attention. At best, it is prevented from contributing to attacks.

-c