nanog mailing list archives

Re: Over a decade of DDOS--any progress yet?


From: Zachary Hanna <zhanna () yahoo-inc com>
Date: Tue, 4 Oct 2011 12:35:15 -0700

The NIST has proposed a framework for operators to notify botnet victims.

The call for comments and article discussing it are described here:


https://www.infosecisland.com/blogview/17021-Government-Proposes-ISPs-Notify-Victims-of-Botnets.html#.TotXA6C-16Q.twitter

"Comments on the proposed Code of Conduct and botnet reporting initiative
are due on or before 5 p.m. EDT, November 4, 2011.
Written comments on the proposal may be submitted by mail to the National
Institute of Standards and Technology at the U.S. Department of
Commerce, 1401 Constitution Avenue, NW., Room 4822, Washington, DC
20230. Submissions may be in any of the following formats: HTML, ASCII,
Word, rtf, or pdf.
Online comment submissions in electronic form may be sent to
Consumer_Notice_RFI () nist gov.
Paper submissions should include a compact disc (CD). CDs should be
labeled with the name and organizational affiliation of the filer and
the name of the word processing program used to create the document.
Comments will be posted at http://www.nist.gov/itl/.
A list of questions is included in the Request for Information, and can
be accessed at the source link below:
Source:
http://www.federalregister.gov/articles/2011/09/21/2011-24180/models-to-advance-voluntary-corporate-notification-to-consumers-regarding-the-illicit-use-of#p-3
"


IMHO this would go a long way to addressing the underlying root cause
(botted machines). 

Regards,

Zachary


On 12/14/10 5:34 PM, "Joel Jaeggli" <joelja () bogus com> wrote:

On 12/8/10 6:30 AM, Drew Weaver wrote:
Yes, but this obviously completes the 'DDoS attack' and sends the
signal that the bully will win.

it's part of a valid mitigation strategy. shifting the target out from
underneath the blackholed address is also part of the activity. that's
easier in some cases than others. the bots will move and you play whack
a rat with your upstreams.

joel

-Drew

From: alvaro.sanchez () adinet com uy
[mailto:alvaro.sanchez () adinet com uy]
Sent: Wednesday, December 08, 2010 8:46 AM
To: rdobbins () arbor net; North American Operators' Group
Subject: Re: Over a decade of DDOS--any progress yet?

A very common action is to blackhole ddos traffic upstream by sending a
bgp route to the next AS with a preestablished community indicating the
traffic must be sent to Null0. The route may be very specific, in order
to impact as little as possible. This needs previous coordination between
providers.
Regards.
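
An added example, not part of the original thread: one way an upstream provider could vet a customer's blackhole announcement of the kind described in the message above before discarding traffic. The customer ASNs, the prefix table and the host-route-only rule are assumptions made for illustration; 65535:666 is the RFC 7999 BLACKHOLE community, though providers often agree on their own value.

```python
import ipaddress

# RFC 7999 well-known BLACKHOLE community (providers may pre-agree another value).
BLACKHOLE = (65535, 666)

# Constructed sample data: address space each customer AS registered with the
# provider during the prior coordination step (documentation ranges only).
CUSTOMER_PREFIXES = {
    64500: [ipaddress.ip_network("192.0.2.0/24"),
            ipaddress.ip_network("2001:db8:100::/48")],
    64501: [ipaddress.ip_network("198.51.100.0/24")],
}

# Assumption: only host routes are accepted, so a blackhole request
# cannot take more than the attacked address offline.
MIN_PREFIXLEN = {4: 32, 6: 128}


def evaluate_rtbh(peer_as, prefix, communities):
    """Return (action, reason) for a route received on a customer BGP session."""
    if BLACKHOLE not in communities:
        return ("normal", "no blackhole community; apply ordinary import policy")
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return ("reject", f"malformed prefix: {exc}")
    allowed = CUSTOMER_PREFIXES.get(peer_as, [])
    # A customer may only blackhole its own space, never a third party's.
    if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
        return ("reject", "prefix is outside the space registered for this peer")
    if net.prefixlen < MIN_PREFIXLEN[net.version]:
        return ("reject", "prefix too broad for a blackhole request")
    return ("blackhole", f"route {net} to the discard interface")


if __name__ == "__main__":
    # Constructed announcements: (peer AS, prefix, communities)
    samples = [
        (64500, "192.0.2.10/32", [(64500, 100), BLACKHOLE]),
        (64500, "198.51.100.7/32", [BLACKHOLE]),
        (64500, "192.0.2.0/24", [BLACKHOLE]),
        (64500, "192.0.2.0/24", []),
    ]
    for peer, pfx, comms in samples:
        print(peer, pfx, evaluate_rtbh(peer, pfx, comms))
```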




