Monumentous task of making a list of all DDoS Zombies.
Suresh Ramasubramanian
suresh at outblaze.com
Sun Feb 8 09:05:30 UTC 2004
Iljitsch van Beijnum wrote:
> Coming up with new types of probes all the time to check for this would
> be a huge amount of work.
Would that be any less work than clearing up the mess left by an
infestation of DDoS zombies? :)
> I favor an approach where people no longer get to send data at high
> speed without the recipient's approval. Just sending data in the blind
> or any type of scanning could then trigger a severe rate limit or raise
> an alarm.
It is fairly easy to work around rate limits by just scaling laterally,
and compromising a few million more boxes. If the next virus grabs 4M,
or 20M boxes instead of just a measly 2M boxes, you can rate limit all
you like, but it really won't help.
> Unfortunately, this type of action must be performed at the source and
> some networks just can't be bothered.
Yup.
srs
More information about the NANOG mailing list