Cisco/Level3 takedown

[cboyd at gizmopartners.com (Chris Boyd)]

> On Apr 9, 2015, at 3:01 PM, Matt Olney (molney) <molney at cisco.com> wrote:
> 
> In response to Sameer Khosla's comment that we should work with the entire
> service provider community:
> 
> Talos is the threat intelligence group within Cisco.  We absolutely
> welcome discussions with any network operator on how we can improve the
> state of security on the Internet.  Please contact me directly via email
> and we can have a discussion about how we can work together going forward.

While I agree that the (at least temporary) mitigation of the threat was overall a good thing, I'm not really happy with the method used.  Decisions to drop/block/filter traffic should be done locally.  I would have appreciated Talos coming to the various *nog lists and saying something like "Hey, there's some really bad guys here.  Here's the evidence of their bad behavior, you really should block them."  That probably would have had a wider reach than just going to Level3.

--Chris