
automatic rtbh trigger using flow data



On 31 Aug 2018, at 6:47, Aaron Gould wrote:

> I'm really surprised that you all are doing this based on source IP, 
> simply because I thought the distribution of botnet members around the 
> world were so extensive that I never really thought it possible to 
> filter based on sources, i

Using S/RTBH to drop attack sources has been a valid and useful 
mitigation tactic for close to 20 years.  Any kind of modern router 
scales up to large numbers of sources; and note that S/RTBH isn't 
limited to /32s.

It's discussed in this .pdf preso:

<https://app.box.com/s/xznjloitly2apixr5xge>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
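
The thread's subject, deriving S/RTBH triggers from flow data, as an added example that is not part of the original message or of any tool it mentions: it picks heavy sources toward a victim and widens to a covering prefix when enough hosts inside it are attacking, since S/RTBH isn't limited to /32s. The flow tuples, thresholds, allowlist and the function name `srtbh_prefixes` are constructed assumptions, and the sketch is IPv4 only.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample flow records: (source IP, destination IP, packets).
FLOWS = [
    ("198.51.100.7", "192.0.2.10", 90000),
    ("198.51.100.9", "192.0.2.10", 85000),
    ("198.51.100.23", "192.0.2.10", 120000),
    ("198.51.100.200", "192.0.2.10", 70000),
    ("203.0.113.5", "192.0.2.10", 95000),
    ("203.0.113.77", "192.0.2.10", 300),      # below threshold: left alone
    ("203.0.113.53", "192.0.2.10", 400000),   # heavy, but allowlisted below
    ("198.51.100.7", "192.0.2.99", 500000),   # other destination: ignored
]

def srtbh_prefixes(flows, victim, min_packets=50000, agg_len=24,
                   agg_min_hosts=4, allowlist=()):
    """Return sorted source prefixes to blackhole for traffic to `victim`."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    packets = Counter()
    for src, dst, pkts in flows:
        if dst == victim:
            packets[ipaddress.ip_address(src)] += pkts
    # Heavy sources only, and never anything covered by the allowlist.
    heavy = [ip for ip, n in packets.items() if n >= min_packets
             and not any(ip in net for net in allowed)]
    by_parent = defaultdict(list)
    for ip in heavy:
        parent = ipaddress.ip_network(f"{ip}/{agg_len}", strict=False)
        by_parent[parent].append(ip)
    out = []
    for parent, hosts in by_parent.items():
        # Widen to the covering prefix only when enough distinct hosts in it
        # are attacking and it would not swallow an allowlisted range.
        if (len(hosts) >= agg_min_hosts
                and not any(parent.overlaps(a) for a in allowed)):
            out.append(parent)
        else:
            out.extend(ipaddress.ip_network(f"{ip}/32") for ip in hosts)
    return sorted(out)
```

The returned prefixes are what a trigger would announce; how they reach the routers is outside this sketch.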