Not effective against botnets. Think of it this way, thousands of compromised hosts (zombies), distributed to the four corners of the Internet, hundreds (if not thousands) of AS's -- all recieving their instructions via IRC from a C&C server somewhere, that probably also may change due to dynamic DNS, or pump-and-dump domain registrations, or any other various ways to continually move the C&C.
Simply going after (what may _seem_to_be_) the last-hop router is like swinging a stick after a piƱata that you can't actually reach when you are blind-folded. :-) - ferg -- Peter Dambier <[EMAIL PROTECTED]> wrote: Just an afterthought, traceroute and take the final router. I guess for aDSL home users you will find some 8 or 11 routers in germany. My final router never changes. Of course there can hide more than one bad guy behind that router. [snip] -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
