you don’t stop the message to the botnet, thats impossible:
You detect the behaviour downstream and send a signal to the ISP that there is traffic that needs to he rate limited.
One mechanism for this is called RTBH (Remote Triggered BlackHole) which relies on community tagged prefixes of addresses exceeding rate limited to be blackholed from
forwarding traffic further in to the internet.
There’s also things like flowspec but a lot of things rely on proper trust between ASNs.
alt Hacker News
you don’t stop the message to the botnet, thats impossible:
You detect the behaviour downstream and send a signal to the ISP that there is traffic that needs to he rate limited.
One mechanism for this is called RTBH (Remote Triggered BlackHole) which relies on community tagged prefixes of addresses exceeding rate limited to be blackholed from forwarding traffic further in to the internet.
There’s also things like flowspec but a lot of things rely on proper trust between ASNs.