
Avalanche botnet takedown

We need a cost-effective and performant way of blocking botnet traffic in SP networks. Fact is the only way to enforce network policy is from within the network. Laws, putting the onus on users, notifying infected users, etc. will never work. We can't expect to solve them all, but at least make it more difficult by a large margin to run these things. For example blacklisting domains where spam is coming from doesn't stop the problem, but it does help in a big way.

Over 800k domains, but I bet they were not using nearly that many IPs. It would be nice to take info from various honeypots about CNC servers and just blackhole those IPs in one way or another very quickly. I don't want to suggest a method of doing this, just as an idea to play around with.

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Scott Weeks
Sent: Thursday, December 1, 2016 1:45 PM
To: nanog at nanog.org
Subject: Re: Avalanche botnet takedown

--- rfg at tristatelogic.com wrote:
From: "Ronald F. Guilmette" <rfg at tristatelogic.com>

The Internet, viewed as an organism, quite clearly has, at present, numerous autoimmune diseases.  It is attacking itself.  And its immune system, such as it is, clearly ain't working.  There's going to come a day of reckoning when it will no longer be possible to paper over this sad and self-evident fact.  (And no, I'm *not* talking about the fabled "Digital Pearl Harbor".  I'm talking instead about the Internet equivalent of the meteor that wiped out the dinosaurs.)

What is your suggestion to keep the sky from falling?