North American Network Operators Group

Re: [da] news: Trend Micro launches anti-botnet service
First, I think that forwarding messages from a private list is something that is frowned upon.

Secondly -- and speaking as a Trend employee and someone intimately involved in the ICSS/BASE project -- we don't talk/play in the BGP traffic stream.

We simply reap potential target data from a BGP/Origin-AS/prefix-announce dataset, and then allow the ICSS/BASE subscribers to make policy decisions on their merit -- whether to allow their downstream hosts to resolve DNS queries to suspect hosts, or not.

We do not, in any way, piss into the BGP traffic stream. :-)

It's just an intelligence feed -- one of many.

- ferg

-- brett watson <[email protected]> wrote:

On Sep 25, 2006, at 9:04 PM, Jeff Kell wrote:

>> Well, a prefix hijack either means a router has been pwned, as I suggested,
>> or a router is (as Governor Tarkin put it) "far too trusting" of its peers.
>>
>> And anyhow, I was speaking of BGP flaps in the context of botnets - has anybody
>> seen an in-the-wild botnet that played BGP games?
>
> No, but playing some BGP games could certainly help to *mitigate* them.
> Turn the C&C list into a community. I've thrown the idea around several
> times but can't get any takers...

been there, tried that:

http://www.mainnerve.com/security/darknet.html

-b

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/