IP addresses being attacked in Krebs DDoS?

Brett Glass nanog at brettglass.com
Sun Sep 25 22:35:18 UTC 2016


At 03:50 PM 9/25/2016, Patrick W. Gilmore wrote:

>What Brett is asking seems reasonable, even useful. Unfortunately, 
>it is not as simple as posting a list of addresses on a website.
>
>Many devices are compromised because of default user/pass 
>settings. Publishing a list of IP addresses which are so trivially 
>compromised is handing the miscreants a gift.

I think you may have misunderstood my request. I am not asking for 
the IP addresses of the bots, but the address or addresses which 
they are attacking. I can then scan outgoing packets for those 
destination addresses, and -- if I see them -- work my way back to 
the customers who are unknowingly harboring infected devices. Those 
devices could be PCs, Webcams, DVRs, even thermostats.... The 
customers may not know that they have changeable passwords or backdoors.

By doing this, we can not only enhance our users' security but 
forestall complaints. We have had more than one customer quit 
because an infected device on his or her network impacted the 
quality of video streaming or VoIP... and, of course, he blamed the 
ISP. Everyone ALWAYS blames the ISP. ;-)

--Brett Glass




More information about the NANOG mailing list