[nsp-sec] Question for the team - who would be willing to participate in a "exercise"

Barry Greene bgreene at senki.org
Sat Oct 28 23:26:59 EDT 2017


> On Oct 28, 2017, at 10:45 PM, Damian Menscher <damian at google.com> wrote:
> 
> I'll get more details on the new effort this week.  I'm just as cynical as you, but perhaps I can steer them in a useful direction.

I’ll be there physically at the meeting.


> As for your exercise, I'm not sure RTBH is the right granularity (targeting a C2 is useless if it's already told its bots to attack).  What I generally want is one of (depending on the situation):
>   - for a list of 1M attacking IPs, please prevent them from sending outbound traffic from your networks
>   - for a packet characteristic (e.g., udp/80 packet, or syn packet > 512 bytes, etc.), please prevent it from reaching my network
>   - (using netflow) trace the source of spoofed traffic and make it stop (BCP38, ACLing your customer, etc)
>   - de-peer a rogue ASN which is conducting BGP hijacks, sending spoofed attack traffic, etc (including the case where the rogue network is a well-known major network which is misbehaving and won't respond to complaints)
> 
> Sadly, I highly doubt even this group would provide an effective response for any of these.

We can build up to this list. Start with the really simple ones, then work up to more complicated response actions.

