nanog mailing list archives

Re: BL of Compromised Hosts?

From: Daniel Concepcion <dani () danielcp net>
Date: Sun, 22 Feb 2004 19:20:25 +0100



Hi Deepak,

Check 
http://www.cymru.com/BGP/bogon-rs.html
They are doing a good job in this issue.

Regards,
Daniel


On Sunday 22 February 2004 17:12, Deepak Jain wrote:

Would anyone be interested in receiving a text or BGP feed of IPs of
hosts known/suspected to be compromised and used as parts of DDOS
attacks? Would anyone be interested in contributing their BGP views?

We have (and I'm sure we're not isolated) been seeing attacks from
several thousand/tens of thousands of unique hosts generated >2Gb/s,

 >1Mpps attacks.

I am not necessarily suggesting that providers use this list to
blackhole at their edge, but its certainly a good candidate for that. It
could alternatively be used by access providers to notify their
customers or filter on their customers. I am sure it would also be a
good list to use to deny traffic to SMTP servers from/to.

I'm not really an activist, so if there is real interest, I will be glad
to set it up and contribute our own significant list of sources.

If this is already done and I don't have a good set of skills with
Google, please let me know.

Thanks in advance,

Deepak Jain
AiNET

Current thread:

BL of Compromised Hosts? Deepak Jain (Feb 22)
- Re: BL of Compromised Hosts? Daniel Concepcion (Feb 22)
  - Re: BL of Compromised Hosts? Rafi Sadowsky (Feb 22)
- Re: BL of Compromised Hosts? Daniel Senie (Feb 22)
- Re: BL of Compromised Hosts? Avleen Vig (Feb 22)
  - Re: BL of Compromised Hosts? Andrew - Supernews (Feb 22)
- <Possible follow-ups>
- RE: BL of Compromised Hosts? Michel Py (Feb 22)
  - Re: BL of Compromised Hosts? Robert E. Seastrom (Feb 22)
    - Re: BL of Compromised Hosts? william(at)elan.net (Feb 22)
    - Re: BL of Compromised Hosts? Tom (UnitedLayer) (Feb 23)
- RE: BL of Compromised Hosts? Michel Py (Feb 22)
- RE: BL of Compromised Hosts? Michel Py (Feb 23)