-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The effect of this would be that any BotNet controlled hosts in the
other member network would now be able to drop any attack traffic in
their network on destination at their customer aggregation routers.I think you might have thought I was suggesting we blackhole sources in
other peoples networks - this is definatly not what I was saying.So, given we all now understand each other - why is no one doing the
above?
We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively
black-holed.
At least that way, people can deal with cleaning up the end-systems
in their own way, at their own pace, while the amount of malicious
activity is effectively "crippled".
- - ferg