We need a cost-effective and performant way of blocking botnet traffic in SP
networks. Fact is the only way to enforce network policy is from within the
network. Laws, putting the onus on users, notifying infected users, etc. will
never work. We can't expect to solve them all, but at least make it more
difficult by a large margin to run these things. For example, blacklisting
domains where spam is coming from doesn't stop the problem, but it does help in
a big way.

Over 800k domains, but I bet they were not using nearly that many IPs. It would
be nice to take info from various honeypots about CNC servers and just
blackhole those IPs in one way or another very quickly. I don't want to suggest
a method of doing this, just as an idea to play around with.

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Weeks
Sent: Thursday, December 1, 2016 1:45 PM
Subject: Re: Avalanche botnet takedown
--- r...@tristatelogic.com wrote:
From: "Ronald F. Guilmette" <r...@tristatelogic.com>
The Internet, viewed as an organism, quite clearly has, at present, numerous
autoimmune diseases. It is attacking itself. And its immune system, such as
it is, clearly ain't working. There's going to come a day of reckoning when it
will no longer be possible to paper over this sad and self-evident fact. (And
no, I'm *not* talking about the fabled "Digital Pearl Harbor". I'm talking
instead about the Internet equivalent of the meteor that wiped out the

What is your suggestion to keep the sky from falling?