Monumentous task of making a list of all DDoS Zombies.
Wayne Gustavus (nanog)
nanog at wgustavus.com
Sat Feb 7 16:56:28 UTC 2004
This would essentially be impossible and not a good idea. Large volumes of
hosts/zombies involved in such attacks originate from residential cable/dsl
subscribers. This user base primarily uses dynamically assigned IP space.
Hence, the IP of tonight's attacker could be the IP of tomorrow's legitimate
user.
This is the same reason that it is imperative that any complaints sent to
ISPs providing such services MUST have a time stamp (with timezone) along
with other information relative to the attack/abuse. This is the only way
the ISPs can relate the IP with the actual enduser in order to contact them
for remediation.
___________________________________________________________
Wayne Gustavus, CCIE #7426
Operations Engineering
Verizon Internet Services
___________________________________________________________
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Drew
Weaver
Sent: Friday, February 06, 2004 4:15 PM
To: nanog at merit.edu
Subject: Monumentous task of making a list of all DDoS Zombies.
Is there a list maintained anywhere of all hosts that have been
identified as a DDoS zombie? Or attack box? We got hit with an attack from
more than 60 IPs last night and I'd like to add them to any list that anyone
has started.
Thanks,
-Drew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20040207/111b01e8/attachment.html>
More information about the NANOG
mailing list