Hacker News

dijit, yesterday at 7:44 PM

You don’t stop the message to the botnet, that’s impossible:

You detect the behaviour downstream and send a signal to the ISP that there is traffic that needs to be rate limited.

One mechanism for this is called RTBH (Remote Triggered BlackHole) which relies on community tagged prefixes of addresses exceeding rate limits to be blackholed from forwarding traffic further into the internet.

There’s also things like flowspec but a lot of things rely on proper trust between ASNs.
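
An added example, not part of the comment above: a small Python model of destination-based RTBH, in which a customer tags a host route with the RFC 7999 BLACKHOLE community and the provider edge installs a discard route only after checking that the peer is entitled to that address space. The `EdgeRouter` class, the ASNs and the prefixes are constructed for illustration; real routers do this in BGP import policy.

```python
import ipaddress

# RFC 7999 well-known BLACKHOLE community.
BLACKHOLE = (65535, 666)

# Constructed sample data: address space each customer ASN may announce.
CUSTOMER_PREFIXES = {
    64500: [ipaddress.ip_network("192.0.2.0/24")],
    64501: [ipaddress.ip_network("198.51.100.0/24")],
}

class EdgeRouter:
    """Hypothetical provider edge that honours blackhole requests from customers."""

    def __init__(self, customer_prefixes, min_blackhole_len=32):
        self.customer_prefixes = customer_prefixes
        self.min_len = min_blackhole_len  # only host routes may be blackholed
        self.rib = {}  # prefix -> "forward" or "discard"

    def receive(self, peer_asn, prefix, communities=()):
        """Process one announcement; return the installed action or 'rejected'."""
        net = ipaddress.ip_network(prefix)
        allowed = self.customer_prefixes.get(peer_asn, [])
        # Trust check: a peer may only affect address space assigned to it.
        if not any(net.subnet_of(p) for p in allowed):
            return "rejected"
        if BLACKHOLE in communities:
            # Refuse broad blackholes that would drop a whole network.
            if net.prefixlen < self.min_len:
                return "rejected"
            self.rib[net] = "discard"
        else:
            self.rib[net] = "forward"
        return self.rib[net]

    def lookup(self, dst):
        """Longest-prefix match, so a /32 discard overrides the covering /24."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.rib if addr in n]
        if not matches:
            return "no-route"
        return self.rib[max(matches, key=lambda n: n.prefixlen)]

if __name__ == "__main__":
    r = EdgeRouter(CUSTOMER_PREFIXES)
    r.receive(64500, "192.0.2.0/24")
    r.receive(64500, "192.0.2.10/32", [BLACKHOLE])
    print(r.lookup("192.0.2.10"), r.lookup("192.0.2.11"))
```

The two rejection paths are the "trust between ASNs" part: without them, any peer could blackhole someone else's addresses or an entire prefix.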


Replies

esseph, yesterday at 10:40 PM

It's not that simple and hasn't been for a while.

There's layer upon layer of relays now, and meshed C2C networks.

Lots of DNS fastflux too

Thaxll, yesterday at 8:49 PM

How do you know where it comes from, if they use UDP and change the src of the packets?
