nanog mailing list archives
Re: DOS attack from PANAMSAT
From: Clayton Fiske <clay () bloomcounty org>
Date: Sun, 7 Jul 2002 12:45:13 -0700
On Sun, Jul 07, 2002 at 03:08:14PM -0400, Richard A Steenbergen wrote:
On Sat, Jul 06, 2002 at 06:24:40PM -0500, Rob Thomas wrote:Hmm, not according to the data I collect. I track numerous botnets and DoSnets, and a bit over 80% of them use the real IPs as the source of the floods. Then again, with 500 - 18000 bots, it isn't all that necessary to mask the source IPs. :/There are only two situations where a DoS uses its real IP, 1) the network filters spoofed source addresses, 2) they havn't compromised root.
Don't forget 3) the machine compromised isn't capable of spoofing. In Win95/98/ME/NT, there is no raw socket functionality. I don't know the breakdown of botnets in terms of which platform they typically harvest for hosts, but I'd imagine Windows represents a significant portion of non-spoofed attacks. -c
Current thread:
- DOS attack from PANAMSAT Roy (Jul 06)
- Re: DOS attack from PANAMSAT Christopher L. Morrow (Jul 06)
- <Possible follow-ups>
- Re: DOS attack from PANAMSAT Rizzo Frank (Jul 06)
- Re: DOS attack from PANAMSAT Rob Thomas (Jul 06)
- Re: DOS attack from PANAMSAT Richard A Steenbergen (Jul 07)
- Re: DOS attack from PANAMSAT Clayton Fiske (Jul 07)
- Re: DOS attack from PANAMSAT Valdis . Kletnieks (Jul 07)
- Re: DOS attack from PANAMSAT Clayton Fiske (Jul 07)
- Re: DOS attack from PANAMSAT Valdis . Kletnieks (Jul 07)
- Re: DOS attack from PANAMSAT Rob Thomas (Jul 06)
- Re: DOS attack from PANAMSAT Stephen Griffin (Jul 07)