nanog mailing list archives
RE: Botnet hunting resources (was: Re: DOS in progress ?)
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Mon, 10 Aug 2009 08:49:55 -0700
Why do you think this might be? Fear of (extralegal) retaliation by botnet owners? or fear of getting sued by listed network owners?
[TLB:] No more than any anti-spam RBL or
is the idea (shunning packets from ISPs that host botnets) fundamentally unsound?
[TLB:] That's an ongoing raging debate. Some say, since enumerating badness can't protect you against all threats, that you shouldn't do it at all. My take is, if you can filter the worst actors early and fast, based on IP address, that gives your deeper packet devices more capacity, and saves you network bandwidth. It's been my experience that IP level blocking is a best practice as the second step (the first being selective availability of any service to only those it NEEDS to be, which in the case of many network operators is everywhere and everyone, and therefore a useless filter for a network operator) in a layered defense.
If someone sufficiently trustworthy produced a BGP feed of networks that were unresponsive to abuse complaints, do you think other networks would use it to block traffic? I mean, ultimately I think that having several providers of such feeds with differing levels of aggression would be the best case, but someone has got to go first.
[TLB:] <shameless plug> That's what ThreatSTOP is for. We use DNS, not BGP, because there are far more traffic management devices (think Subscriber firewalls) that can use it, and because AT&T has a patent on using BGP for block lists. </shameless plug>