nanog mailing list archives
Re: Monumentous task of making a list of all DDoS Zombies.
From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Sun, 08 Feb 2004 10:25:01 +0530
Wayne Gustavus (nanog) wrote:
http://cbl.abuseat.org Interesting approach. It would be conceivable that if this resource was widely used, miscreants could use this service to DDoS their victims without an army of zombies :-) I still submit that it is more advisable to address the root of the problem by finding the true host that generated attack traffic. Automating this process of matching dynamic IP to customer acct with a timestamp and remediation is the goal.
Timestamps are, of course, a solution - they definitely help in quickly identifying compromised hosts.
Another thing that helps with easier identification is a practice some ISPs have of inserting the MAC address of the host into the reverse DNS record, with a short TTL. When a new host gets that IP, the MAC address changes too. I have seen at least one ISP do this - and it makes it a whole lot easier for the ISP to quickly identify the host, rather than having to trawl through RADIUS logs or whatever else.
Then, there's the little matter of ISPs implementing ingress filtering as per BCP38 / RFC 2827. These DDoS zombies seem to also be used as a ready source of spoofed source addresses for attacks.
srs
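The timestamp-based matching of a dynamic IP to a customer account discussed in this message can be sketched as below; this is an added example, not code from the original post or from any ISP's tooling. The record layout (loosely modelled on RADIUS accounting start/stop pairs), the account names, addresses, MACs and the 90-second clock-skew allowance are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample session records: (ip, account, mac, start, stop); stop=None means still online.
# The field layout is an assumption, not a real RADIUS log format.
SESSIONS = [
    ("192.0.2.10", "acct-1001", "00:11:22:33:44:55", "2004-02-07T22:00:00+00:00", "2004-02-08T03:10:00+00:00"),
    ("192.0.2.10", "acct-2002", "66:77:88:99:aa:bb", "2004-02-08T03:11:00+00:00", "2004-02-08T09:00:00+00:00"),
    ("192.0.2.10", "acct-3003", "cc:dd:ee:ff:00:11", "2004-02-08T09:30:00+00:00", None),
    ("192.0.2.77", "acct-4004", "22:33:44:55:66:77", "2004-02-08T01:00:00+00:00", None),
]

def parse_ts(text):
    """Parse an ISO 8601 timestamp; refuse naive ones, since a missing offset makes attribution a guess."""
    ts = datetime.fromisoformat(text)
    if ts.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {text!r}")
    return ts.astimezone(timezone.utc)

def attribute(ip, seen_at, sessions=SESSIONS, skew=timedelta(seconds=90)):
    """Return (verdict, [(account, mac), ...]) for an abuse report naming ip at seen_at.

    skew widens each session by the reporter's possible clock error, so a report
    landing near an address handover yields both neighbours instead of the wrong one.
    """
    when = parse_ts(seen_at)
    hits = []
    for s_ip, account, mac, start, stop in sessions:
        if s_ip != ip:
            continue
        begin = parse_ts(start) - skew
        end = (parse_ts(stop) + skew) if stop else datetime.max.replace(tzinfo=timezone.utc)
        if begin <= when <= end:
            hits.append((account, mac))
    if not hits:
        return "unassigned", hits
    return ("unique" if len(hits) == 1 else "ambiguous"), hits

if __name__ == "__main__":
    # Three constructed reports: one in another time zone, one at a handover, one in a gap.
    for report in ("2004-02-08T10:25:01+05:30", "2004-02-08T03:10:30+00:00", "2004-02-08T09:15:00+00:00"):
        print(report, attribute("192.0.2.10", report))
```

An "ambiguous" verdict is the case where a second identifier recorded at the time, such as the MAC address mentioned above, is needed to decide between the two customers.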