nanog mailing list archives

Re: IP addresses being attacked in Krebs DDoS?


From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Sun, 25 Sep 2016 18:57:29 -0400

On Sep 25, 2016, at 6:35 PM, Brett Glass <nanog () brettglass com> wrote:
> At 03:50 PM 9/25/2016, Patrick W. Gilmore wrote:
>
>> What Brett is asking seems reasonable, even useful. Unfortunately, it is not as simple as posting a list of
>> addresses on a website.
>>
>> Many devices are compromised because of default user/pass settings. Publishing a list of IP addresses which are so
>> trivially compromised is handing the miscreants a gift.
>
> I think you may have misunderstood my request. I am not asking for the IP addresses of the bots, but the address or
> addresses which they are attacking. I can then scan outgoing packets for those destination addresses, and -- if I see
> them -- work my way back to the customers who are unknowingly harboring infected devices. Those devices could be PCs,
> Webcams, DVRs, even thermostats.... The customers may not know that they have changeable passwords or backdoors.
>
> By doing this, we can not only enhance our users' security but forestall complaints. We have had more than one
> customer quit because an infected device on his or her network impacted the quality of video streaming or VoIP...
> and, of course, he blamed the ISP. Everyone ALWAYS blames the ISP. ;-)

I did read it the other way.

It’s his website, which you can read about on … his website, http://krebsonsecurity.com/. (And for everyone on this
list, it should be trivial to figure out who helped him get the website back up.) Or his Twitter feed. Or lots of
articles about it. Or lots of mailing lists. Or … etc.

-- 
TTFN,
patrick
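
[Added example, not part of the original message or written by either poster: one way an ISP could run the check Brett describes, matching outbound flow records against the attacked destination and totalling traffic per customer address. The flow-record layout, the address ranges (documentation placeholders) and the packet threshold are all assumptions.]

```python
import ipaddress
from collections import defaultdict

# Constructed placeholders from documentation ranges, not real addresses.
ATTACKED = [ipaddress.ip_network("203.0.113.10/32")]    # published target(s)
CUSTOMERS = [ipaddress.ip_network("198.51.100.0/24")]   # our access ranges

# Constructed flow export: time src dst proto dport packets bytes
SAMPLE_FLOWS = """\
2016-09-25T22:01:03Z 198.51.100.23 203.0.113.10 tcp 80 48211 2892660
2016-09-25T22:02:03Z 198.51.100.23 203.0.113.10 tcp 80 51002 3060120
2016-09-25T22:02:10Z 198.51.100.77 203.0.113.10 tcp 443 42 31500
2016-09-25T22:02:11Z 198.51.100.140 192.0.2.55 udp 53 900000 54000000
2016-09-25T22:02:12Z 10.9.9.9 203.0.113.10 udp 9000 70000 4200000
2016-09-25T22:02:15Z 198.51.100.201 203.0.113.10 tcp 80 12000 720000
truncated-record 198.51.100.23
"""


def suspect_customers(flow_text, min_packets=1000):
    """Return [(src, flows, packets, bytes)] for customer addresses sending
    at least min_packets to an attacked address, busiest first."""
    totals = defaultdict(lambda: [0, 0, 0])
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed or truncated records
        try:
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
            packets, nbytes = int(fields[5]), int(fields[6])
        except ValueError:
            continue
        if not any(dst in net for net in ATTACKED):
            continue
        # A source outside our ranges (spoofed or transit) cannot be tied
        # to a customer from flow data alone, so it is not reported here.
        if not any(src in net for net in CUSTOMERS):
            continue
        entry = totals[str(src)]
        entry[0] += 1
        entry[1] += packets
        entry[2] += nbytes
    # The threshold keeps an ordinary visitor to the site off the list.
    hits = [(s, *t) for s, t in totals.items() if t[1] >= min_packets]
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for src, flows, packets, nbytes in suspect_customers(SAMPLE_FLOWS):
        print(f"{src}: {flows} flows, {packets} packets, {nbytes} bytes")
```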

