-----BEGIN PGP SIGNED MESSAGE-----
The effect of this would be that any BotNet controlled hosts in the
other member network would now be able to drop any attack traffic in
their network on destination at their customer aggregation routers.
I think you might have thought I was suggesting we blackhole sources in
other peoples networks - this is definatly not what I was saying.
So, given we all now understand each other - why is no one doing the
We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively
At least that way, people can deal with cleaning up the end-systems
in their own way, at their own pace, while the amount of malicious
activity is effectively "crippled".
- - ferg