On 20/12/2008, at 4:23 PM, Randy Bush wrote:
speaking as a small provider, I can tell you that I find running
snort
against my inbound traffic does reduce the cost of running an abuse
desk.
I do catch offenders before I get abuse@ complaints, sometimes.
unfortunately snort does not really scale to a larger provider.
and, to the best of my poor knowledge, good open source tools to
black-hole/redirect botted users are not generally available.
universities have some that are good at campus and enterprise scale.
cymru and a few security researchers responded privately to my plea
for solid open source tool sets and refs. knowing the folk
involved, maybe we'll see some motion. patience is a virtue, within
limits.
If you're talking about throughput, Tilera recently (April)
demonstrated 10Gbit/s snort on their TILE64 processors.
http://tilera.com/news_&_events/press_release_080429_snort.php
Not sure if anyone has them in products at the moment though.
--
Nathan Ward
