North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
RE: Monumentous task of making a list of all DDoS Zombies.
- From: Wayne Gustavus (nanog)
- Date: Sat Feb 07 23:49:40 2004
> -----Original Message-----
> From: Suresh Ramasubramanian [mailto:suresh@outblaze.com]
> Sent: Saturday, February 07, 2004 9:58 PM
> To: Wayne Gustavus (nanog)
> Cc: 'Drew Weaver'; nanog@merit.edu
> Subject: Re: Monumentous task of making a list of all DDoS Zombies.
>
<snip>
>
> 1. It is arguable whether dynamic IPs are to be treated as legitimate
> mailhosts. Your colleagues in VOL mailops might tell you something
> similar too.
No argument there. However, the thread was originally addressing a list of
DDoS Zombies, not illegitimate SMTP mailhosts. Arguably zombies used to
launch
DDoS attacks are treated differently than such hosts. We address both
types.
>
> 2. An expiring list, where entries inserted are quickly expired, and
> stats used to add to other lists (such as MAPS DUL / SORBS DUHL) is a
> good idea, and moreover, it's already been done.
http://cbl.abuseat.org
Interesting approach. It would be conceivable that if this resource was
Widely used, miscreants could use this service to DDoS there victims without
an army of zombies :-) I still submit that it is more advisable to address
the root of the problem by finding the true host that generated attack
traffic. Automating this process of matching dynamic IP to customer acct
with a timestamp and remediation is the goal.
__________________________________________________________
Wayne Gustavus, CCIE #7426
Operations Engineering
Verizon Internet Services
___________________________________________________________
|
