North American Network Operators Group

  • From: John Kristoff
  • Date: Mon May 01 11:30:58 2000

"Henry R. Linneweh" wrote:
> My fundamental question here is where is the directory where
> all these new DDoS toyz and other forms of destruction
> located at?

Potentially millions of hosts.

> How are they getting to these programs?
> A solution is system wide scans for code segments in
> programs that spawn attacks and remove them and the
> users who have them without a valid reason.
> Search records for ssh, stelnet, telnet connections to
> boxes other than the primary account.

Since the tools can exist on any individual host on the network, every
single owner/user/admin of an IP address would need to scan their
machine.  While I agree it's a host problem, it's extremely difficult to
fix with host solutions alone.  Even if you did, you still won't be able
to stop the creation and dissemination of tools amongst the bad guys.

> Tighten up on hosted domains TOS and force Domain registrars
> to cancel domains involved in criminal activity.

I agree, some form of shunning could help cause people to batten down
the hatches.  This assumes you know where the problem is originating