On Fri Sep 16, 2016 at 08:32:12PM +0700, Roland Dobbins wrote:
> Another aspect is ensuring that one has the ability to detect, classify,
> traceback, and mitigate outbound badness southbound of the CGN.
Unless PSN can tell us what traffic they consider bad, how can we detect and
classify it? We certainly have the ability to traceback and mitigate, once we
know what we're looking for.
My understanding of the issue is that there are infected PCs on our network,
which are being used as part of a distributed attack, but at the application
layer, rather than network layer - distributed password brute-force, or
similar. Unless we know what to look for, it's hard to detect and stop it.