Re: [da] news: Trend Micro launches anti-botnet service

2006-09-26 Thread brett watson



On Sep 25, 2006, at 9:04 PM, Jeff Kell wrote:



Well, a prefix hijack either means a router has been pwned, as I suggested, or a router is (as Governor Tarkin put it) far too trusting of its peers.

And anyhow, I was speaking of BGP flaps in the context of botnets - has anybody seen an in-the-wild botnet that played BGP games?

No, but playing some BGP games could certainly help to *mitigate* them. Turn the CC list into a community. I've thrown the idea around several times but can't get any takers...


been there, tried that:

http://www.mainnerve.com/security/darknet.html

-b



Re: [da] news: Trend Micro launches anti-botnet service

2006-09-26 Thread Fergie

First, I think that forwarding messages from a private list
is something that is frowned upon.

Secondly -- and speaking as a Trend employee and someone intimately
involved in the ICSS/BASE project -- we don't talk/play in the BGP
traffic stream. We simply reap potential target data from a
BGP/Origin-AS/prefix-announce dataset, and then allow the ICSS/BASE
subscribers to make policy decisions on their merit -- whether to
allow their downstream hosts to resolve DNS queries to suspect
hosts, or not.

We do not, in any way, piss into the BGP traffic stream. :-)

It's just an intelligence feed -- one of many.

- ferg



-- brett watson [EMAIL PROTECTED] wrote:



On Sep 25, 2006, at 9:04 PM, Jeff Kell wrote:


 Well, a prefix hijack either means a router has been pwned, as I suggested, or a router is (as Governor Tarkin put it) far too trusting of its peers.

 And anyhow, I was speaking of BGP flaps in the context of botnets - has anybody seen an in-the-wild botnet that played BGP games?

 No, but playing some BGP games could certainly help to *mitigate* them. Turn the CC list into a community. I've thrown the idea around several times but can't get any takers...

been there, tried that:

http://www.mainnerve.com/security/darknet.html

-b



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/
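The model Fergie describes above (a prefix/origin-AS intelligence feed consumed out of band, with the subscriber, not the feed, deciding whether downstream hosts may resolve names that point at suspect space) can be illustrated with a small policy filter. The code below is an added example, not Trend Micro's or ICSS/BASE's code; the `prefix|origin-as|tag` feed format, the sample entries (RFC 5737 documentation prefixes and RFC 6996 private-use ASNs) and the `decide` policy are all constructed for this illustration. It shows the two points that matter for a defender running such a feed: longest-prefix matching against the announced prefixes, and a local allow-list override so the subscriber keeps the final say.

```python
"""Apply a constructed BGP-derived suspect-prefix feed as a DNS answer policy.

Added example. The feed format and all sample values are assumptions for
illustration, not the ICSS/BASE data format.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed sample feed. One row per announced prefix: "prefix|origin-as|tag".
# Uses only documentation prefixes (RFC 5737) and private-use ASNs (RFC 6996).
SAMPLE_FEED = """\
# prefix|origin-as|tag
203.0.113.0/24|64500|suspect-c2
203.0.113.64/26|64500|suspect-c2-shared-hosting
198.51.100.0/25|64501|suspect-dropzone
this row is malformed and must be skipped
"""


@dataclass(frozen=True)
class FeedEntry:
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    origin_asn: int
    tag: str


def parse_feed(text: str) -> list[FeedEntry]:
    """Parse the feed, skipping comments, blank rows and malformed rows.

    A bad row should not poison the whole feed, so it is dropped rather than raised.
    """
    entries: list[FeedEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|")
        if len(parts) != 3:
            continue
        try:
            prefix = ipaddress.ip_network(parts[0], strict=False)
            entries.append(FeedEntry(prefix, int(parts[1]), parts[2].strip()))
        except ValueError:
            continue
    return entries


def longest_match(ip: str, feed: Iterable[FeedEntry]) -> Optional[FeedEntry]:
    """Return the most specific feed prefix containing `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    best: Optional[FeedEntry] = None
    for entry in feed:
        if addr.version != entry.prefix.version or addr not in entry.prefix:
            continue
        if best is None or entry.prefix.prefixlen > best.prefix.prefixlen:
            best = entry
    return best


def decide(qname: str, answer_ips: Iterable[str], feed: Iterable[FeedEntry],
           local_allow: set[str]) -> tuple[str, str]:
    """Decide whether a resolver may hand the answer set for `qname` to clients.

    The feed only supplies the hit; `local_allow` (prefix strings the subscriber
    has vetted) overrides it, which is the "policy decision on merit" step.
    """
    entries = list(feed)
    for ip in answer_ips:
        hit = longest_match(ip, entries)
        if hit is None or str(hit.prefix) in local_allow:
            continue
        return ("deny", f"{qname} -> {ip} falls in {hit.prefix} "
                        f"(AS{hit.origin_asn}, {hit.tag})")
    return ("allow", f"{qname}: no answer falls in a suspect prefix")


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    print(decide("example.test", ["192.0.2.10"], feed, set()))
    print(decide("bad.test", ["192.0.2.10", "203.0.113.5"], feed, set()))
    print(decide("bad.test", ["203.0.113.70"], feed, {"203.0.113.64/26"}))
```

Because the decision runs on the resolver's answer set rather than on the routing table, nothing here touches the BGP session itself, which is exactly the separation Fergie draws: the feed is consumed as intelligence, and the block/allow outcome is local policy.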