North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Monumentous task of making a list of all DDoS Zombies.

  • From: Wayne Gustavus (nanog)
  • Date: Sat Feb 07 11:59:26 2004

Title: Message
This would essentially be impossible and not a good idea.  Large volumes of hosts/zombies involved in such attacks originate from residential cable/dsl subscribers.  This user base primarily uses dynamically assigned IP space.  Hence, the IP of tonight's attacker could be the IP of tomorrow's legitimate user.
This is the same reason that it is imperative that any complaints sent to ISPs providing such services MUST have a time stamp (with timezone) along with other information relative to the attack/abuse.  This is the only way the ISPs can relate the IP with the actual enduser in order to contact them for remediation.

Wayne Gustavus, CCIE #7426                       
Operations Engineering                   
Verizon Internet Services                      

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Drew Weaver
Sent: Friday, February 06, 2004 4:15 PM
To: [email protected]
Subject: Monumentous task of making a list of all DDoS Zombies.

            Is there a list maintained anywhere of all hosts that have been identified as a DDoS zombie? Or attack box? We got hit with an attack from more than 60 IPs last night and I'd like to add them to any list that anyone has started.