BL of Compromised Hosts?

Daniel Concepcion dani at danielcp.net
Sun Feb 22 18:20:25 UTC 2004



Hi Deepak,

Check 
http://www.cymru.com/BGP/bogon-rs.html
They are doing a good job in this issue.

Regards,
Daniel


On Sunday 22 February 2004 17:12, Deepak Jain wrote:
> Would anyone be interested in receiving a text or BGP feed of IPs of
> hosts known/suspected to be compromised and used as parts of DDOS
> attacks? Would anyone be interested in contributing their BGP views?
>
> We have (and I'm sure we're not isolated) been seeing attacks from
> several thousand/tens of thousands of unique hosts generated >2Gb/s,
>
>  >1Mpps attacks.
>
> I am not necessarily suggesting that providers use this list to
> blackhole at their edge, but its certainly a good candidate for that. It
> could alternatively be used by access providers to notify their
> customers or filter on their customers. I am sure it would also be a
> good list to use to deny traffic to SMTP servers from/to.
>
> I'm not really an activist, so if there is real interest, I will be glad
> to set it up and contribute our own significant list of sources.
>
> If this is already done and I don't have a good set of skills with
> Google, please let me know.
>
> Thanks in advance,
>
> Deepak Jain
> AiNET



More information about the NANOG mailing list