DOS attack from PANAMSAT

• Previous message (by thread): DOS attack from PANAMSAT
• Next message (by thread): DOS attack from PANAMSAT
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jul 07, 2002 at 03:08:14PM -0400, Richard A Steenbergen wrote:
> On Sat, Jul 06, 2002 at 06:24:40PM -0500, Rob Thomas wrote:
> > Hmm, not according to the data I collect.  I track numerous botnets and
> > DoSnets, and a bit over 80% of them use the real IPs as the source of
> > the floods.  Then again, with 500 - 18000 bots, it isn't all that
> > necessary to mask the source IPs.  :/
> 
> There are only two situations where a DoS uses its real IP, 1) the network 
> filters spoofed source addresses, 2) they havn't compromised root.

Don't forget 3) the machine compromised isn't capable of spoofing.
In Win95/98/ME/NT, there is no raw socket functionality. I don't
know the breakdown of botnets in terms of which platform they
typically harvest for hosts, but I'd imagine Windows represents a
significant portion of non-spoofed attacks.

-c

• Previous message (by thread): DOS attack from PANAMSAT
• Next message (by thread): DOS attack from PANAMSAT
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]