On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote:
We (Trend Micro) do something similar to this -- a black-hole BGP
feed of known botnet C&Cs, such that the C&C channel is effectively
black-holed.
What's the trigger (pardon the pun, heh) and process for removing IPs
from the blackhole list post-cleanup, in Trend's case?
Is there a notification mechanism so that folks who may not subscribe
to Trend's service but who are unwittingly hosting a botnet C&C are
made aware of same?
-----------------------------------------------------------------------
Roland Dobbins <[EMAIL PROTECTED]> // 408.527.6376 voice
Culture eats strategy for breakfast.
-- Ford Motor Company
