nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: automatic rtbh trigger using flow data

From: "Roland Dobbins" <rdobbins () arbor net>
Date: Fri, 31 Aug 2018 06:59:29 +0700
On 31 Aug 2018, at 6:47, Aaron Gould wrote:
I'm really surprised that you all are doing this based on source ip, simply because I thought the distribution of botnet members around the world we're so extensive that I never really thought it possible to filter based on sources, i
Using S/RTBH to drop attack sources has been a valid and useful mitigation tactic for close to 20 years. Any kind of modern router scales up to large numbers of sources; and note that S/RTBH isn't limited to /32s. 

It's discussed in this .pdf preso:

<https://app.box.com/s/xznjloitly2apixr5xge>

-----------------------------------
Roland Dobbins <rdobbins () arbor net>
Previous By Date Next
Previous By Thread Next

Current thread: