We need a cost effective and performant way of blocking botnet traffic in SP 
networks. Fact is the only way to enforce network policy is from within the 
network. Laws, putting the onous on users, notifying infected users, etc will 
never work. We can't expect to solve them all, but at least make it more 
diffcult by a large margin to run these things. For example blacklisting 
domains where spam is coming from doesn't stop the problem, but it does help in 
a big way.

Over 800k domains, but I bet they were not using nearly that many IPs. It would 
be nice to take info from various honeypots about CNC servers and just 
blackhole those IPs in one way or another very quickly. I don't want to suggest 
a method of doing this, just as a idea to play around with.

-----Original Message-----
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Scott Weeks
Sent: Thursday, December 1, 2016 1:45 PM
To: nanog@nanog.org
Subject: Re: Avalanche botnet takedown

--- r...@tristatelogic.com wrote:
From: "Ronald F. Guilmette" <r...@tristatelogic.com>

The Internet, viewed as an organism, quite clearly has, at present, numerous 
autoimmune diseases.  It is attacking itself.  And its immune system, such as 
it is, clearly ain't working.  There's going to come a day of reckoning when it 
will no longer be possible to paper over this sad and self-evident fact.  (And 
no, I'm *not* talking about the fabled "Digital Pearl Harbor".  I'm talking 
instead about the Internet equivalent of the meteor that wiped out the 

What is your suggestion to keep the sky from falling?


Reply via email to