nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Monumentous task of making a list of all DDoS Zombies.

From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Sun, 08 Feb 2004 08:28:25 +0530

Wayne Gustavus (nanog) wrote:
This would essentially be impossible and not a good idea. Large volumes of hosts/zombies involved in such attacks originate from residential cable/dsl subscribers. This user base primarily uses dynamically assigned IP space. Hence, the IP of tonight's attacker could be the IP of tomorrow's legitimate user.
1. It is arguable whether dynamic IPs are to be treated as legitimate mailhosts. Your colleagues in VOL mailops might tell you something similar too.
2. An expiring list, where entries inserted are quickly expired, and stats used to add to other lists (such as MAPS DUL / SORBS DUHL) is a good idea, and moreover, it's already been done. http://cbl.abuseat.org 

        srs
Previous By Date Next
Previous By Thread Next

Current thread: