Re: Blackholes and IXs and Completing the Attack.

From: Roland Dobbins (no email)
Date: Sat Feb 02 2008 - 20:45:30 EST

Next message: Ben Butler: "FW: Blackholes and IXs and Completing the Attack."

Previous message: Rick Astley: "Re: Blackholes and IXs and Completing the Attack."
In reply to: Paul Ferguson: "RE: Blackholes and IXs and Completing the Attack."
Next in thread: Alex Pilosov: "RE: Blackholes and IXs and Completing the Attack."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote:

> We (Trend Micro) do something similar to this -- a black-hole BGP
> feed of known botnet C&Cs, such that the C&C channel is effectively
> black-holed.

What's the trigger (pardon the pun, heh) and process for removing IPs
from the blackhole list post-cleanup, in Trend's case?

Is there a notification mechanism so that folks who may not subscribe
to Trend's service but who are unwittingly hosting a botnet C&C are
made aware of same?

-----------------------------------------------------------------------
Roland Dobbins <> // 408.527.6376 voice

Culture eats strategy for breakfast.

-- Ford Motor Company

Next message: Ben Butler: "FW: Blackholes and IXs and Completing the Attack."

Previous message: Rick Astley: "Re: Blackholes and IXs and Completing the Attack."
In reply to: Paul Ferguson: "RE: Blackholes and IXs and Completing the Attack."
Next in thread: Alex Pilosov: "RE: Blackholes and IXs and Completing the Attack."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs