North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [da] news: Trend Micro launches anti-botnet service

  • From: Fergie
  • Date: Tue Sep 26 03:08:53 2006

First, I think that forwarding messages from a private list
is something that is frowned upon.

Secondly -- and speaking as a Trend employee and someone intimately
involved in the ICSS/BASE project -- we don't talk/play in the BGP
traffic stream. We simply reap potential target data from a
BGP/Origina-AS/perfix-announce dataset, and then allow the ICSS/BASE
subscribers to make polict decisions on their merit -- whether to
allow their downstream hosts to reselve DNS queries to suspect
hosts, or not.

We do not, in any way, piss into the BGP traffic stream. :-)

It's just an intelligence feed -- one of many.

- ferg

-- brett watson <[email protected]> wrote:

On Sep 25, 2006, at 9:04 PM, Jeff Kell wrote:

>> Well, a prefix hijack either means a router has been pwned, as I  
>> suggested,
>> or a router is (as Governor Tarkin put it) "far too trusting" of  
>> its peers.
>> And anyhow, I was speaking of BGP flaps in the context of botnets  
>> - has anybody
>> seen an in-the-wild botnet that played BGP games?
> No, but playing some BGP games could certainly help to *mitigate*  
> them.
> Turn the C&C list into a community.  I've thrown the idea around  
> several
> times but can't get any takers...

been there, tried that:


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 ferg's tech blog: