[nsp-sec] DDOS-RS future development
Rob Thomas
robt at cymru.com
Tue Aug 18 11:56:42 EDT 2009
Hi, team.

> On a related matter, Scott McIntyre had a very good suggestion on the
> DDOS RS - maybe we should start using BGP communities on describing
> different types of C&C:s. Limiting global dampening just to
> IRC-based C&C:s is..quite limiting in the present day situation.

This is something we've discussed and proposed in the past. While it is
technically feasible and elegant, not everyone is enamored of the idea
of receiving more than IRC C&Cs through the DDoS-RS BGP feed. This is
why we've not added additional categories except for the rare (perhaps
five) ad-hoc entries.

We've moved to the text file feed model which provides folks quite a bit
more context around a given entry. Folks can then parse those files and
filter or monitor with any sort of gear, from routers to IPS.

While we're all for updating the DDoS-RS in both content and syntax, we
want to ensure that A) this is needed, and B) other methods of
disseminating this insight aren't more practical and scalable.

Thoughts?

Thanks,
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
ASSERT(coffee != empty);