Monumentous task of making a list of all DDoS Zombies.
Marshall Eubanks
tme at multicasttech.com
Sat Feb 7 17:37:55 UTC 2004
It need be neither momentous nor monumental -
Just say it's 0.0.0.0 / 0 with some occasional exceptions.
Regards
Marshall Eubanks
On Sat, 7 Feb 2004 11:56:28 -0500
"Wayne Gustavus (nanog)" <nanog at wgustavus.com> wrote:
> This would essentially be impossible and not a good idea. Large volumes of
> hosts/zombies involved in such attacks originate from residential cable/dsl
> subscribers. This user base primarily uses dynamically assigned IP space.
> Hence, the IP of tonight's attacker could be the IP of tomorrow's legitimate
> user.
>
> This is the same reason that it is imperative that any complaints sent to
> ISPs providing such services MUST have a time stamp (with timezone) along
> with other information relative to the attack/abuse. This is the only way
> the ISPs can relate the IP with the actual enduser in order to contact them
> for remediation.
>
>
>
>
>
> ___________________________________________________________
> Wayne Gustavus, CCIE #7426
> Operations Engineering
> Verizon Internet Services
> ___________________________________________________________
>
> -----Original Message-----
> From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Drew
> Weaver
> Sent: Friday, February 06, 2004 4:15 PM
> To: nanog at merit.edu
> Subject: Monumentous task of making a list of all DDoS Zombies.
>
>
>
> Is there a list maintained anywhere of all hosts that have been
> identified as a DDoS zombie? Or attack box? We got hit with an attack from
> more than 60 IPs last night and I'd like to add them to any list that anyone
> has started.
>
>
>
> Thanks,
>
> -Drew
>
>
>
More information about the NANOG
mailing list