RE: Blackholes and IXs and Completing the Attack.

Hash: SHA1

The effect of this would be that any BotNet controlled hosts in the
other member network would now be able to drop any attack traffic in
their network on destination at their customer aggregation routers.

I think you might have thought I was suggesting we blackhole sources in
other peoples networks - this is definatly not what I was saying.

So, given we all now understand each other - why is no one doing the

We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively

At least that way, people can deal with cleaning up the end-systems
in their own way, at their own pace, while the amount of malicious
activity is effectively "crippled".

- - ferg

What's the trigger (pardon the pun, heh) and process for removing IPs from the blackhole list post-cleanup, in Trend's case?

Is there a notification mechanism so that folks who may not subscribe to Trend's service but who are unwittingly hosting a botnet C&C are made aware of same?