nanog mailing list archives
Re: IP addresses being attacked in Krebs DDoS?
From: Brett Glass <nanog () brettglass com>
Date: Sun, 25 Sep 2016 16:35:18 -0600
At 03:50 PM 9/25/2016, Patrick W. Gilmore wrote:
What Brett is asking seems reasonable, even useful. Unfortunately, it is not as simple as posting a list of addresses on a website.Many devices are compromised because of default user/pass settings. Publishing a list of IP addresses which are so trivially compromised is handing the miscreants a gift.
I think you may have misunderstood my request. I am not asking for the IP addresses of the bots, but the address or addresses which they are attacking. I can then scan outgoing packets for those destination addresses, and -- if I see them -- work my way back to the customers who are unknowingly harboring infected devices. Those devices could be PCs, Webcams, DVRs, even thermostats.... The customers may not know that they have changeable passwords or backdoors.
By doing this, we can not only enhance our users' security but forestall complaints. We have had more than one customer quit because an infected device on his or her network impacted the quality of video streaming or VoIP... and, of course, he blamed the ISP. Everyone ALWAYS blames the ISP. ;-)
--Brett Glass
Current thread:
- IP addresses being attacked in Krebs DDoS? Brett Glass (Sep 25)
- Re: IP addresses being attacked in Krebs DDoS? Patrick W. Gilmore (Sep 25)
- Re: IP addresses being attacked in Krebs DDoS? Brett Glass (Sep 25)
- Re: IP addresses being attacked in Krebs DDoS? Patrick W. Gilmore (Sep 25)
- Re: IP addresses being attacked in Krebs DDoS? Brett Glass (Sep 25)
- Re: IP addresses being attacked in Krebs DDoS? Damian Menscher via NANOG (Sep 25)
- <Possible follow-ups>
- Re: IP addresses being attacked in Krebs DDoS? Alexander Maassen (Sep 26)
- Re: IP addresses being attacked in Krebs DDoS? Patrick W. Gilmore (Sep 25)