[nsp-sec] DDOS-RS future development

John Fraizer john at op-sec.us
Fri Aug 21 08:49:09 EDT 2009


One feed is all you need to fit them all.  Filter based on BGP communities.
You don't want to block the malware site but you want to block the C&Cs?
Accept NLRIs that have the C&C community string but don't accept the ones
that have the malware community string.

John



On Fri, Aug 21, 2009 at 11:22 AM, Alfredo Sola <alfredo at solucionesdinamicas.net> wrote:

> ----------- nsp-security Confidential --------
>
>        So my suggestion would be, keep a separate feed via BGP that allows
> operators with trust but no time or inclination for further analysis to use
> the feed to maximum effect. Make that perhaps a separate one and you may
> call them the Classic and the Smasher BGP feeds :)
>
>
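
The per-operator filter John describes, modelled as an added example (not part of the original thread and not DDOS-RS code). The community values, the one-route-per-line feed format and the sample prefixes are constructed placeholders, and checking the unwanted community first, so that a prefix tagged with both categories is dropped, is an assumption about the ordering an operator would choose.

```python
"""Model of a per-operator import filter over one community-tagged BGP feed."""
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed placeholder communities; the feed's real values are not on the page.
CC = "64496:100"       # hypothetical tag: botnet C&C host
MALWARE = "64496:200"  # hypothetical tag: malware distribution site


@dataclass(frozen=True)
class Route:
    prefix: str
    communities: frozenset


def parse_feed(lines):
    """Parse 'prefix community [community ...]' lines into Route objects."""
    routes = []
    for line in lines:
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        ip_network(fields[0])  # raises ValueError on a malformed prefix
        routes.append(Route(fields[0], frozenset(fields[1:])))
    return routes


def import_filter(routes, accept, reject=frozenset()):
    """Return prefixes carrying an accepted community and no rejected one.

    The reject test runs first, like a deny clause placed ahead of a permit
    clause, so a prefix tagged with both categories is dropped. Routes with
    no matching community are dropped as well (implicit deny).
    """
    accept, reject = frozenset(accept), frozenset(reject)
    return [r.prefix for r in routes
            if not (r.communities & reject) and (r.communities & accept)]


# Constructed sample feed using documentation prefixes (RFC 5737).
SAMPLE_FEED = """\
192.0.2.10/32 64496:100
198.51.100.7/32 64496:200
203.0.113.5/32 64496:100 64496:200
203.0.113.99/32
""".splitlines()

if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    print("C&C, not malware:", import_filter(feed, {CC}, {MALWARE}))
    print("all C&C:         ", import_filter(feed, {CC}))
    print("both categories: ", import_filter(feed, {CC, MALWARE}))
```

Leaving `reject` empty keeps the dual-tagged prefix, which is the choice to make if any C&C should be blocked even when the same host also serves malware.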


