This would essentially be impossible and not a good idea. Large
volumes of hosts/zombies involved in such attacks originate from residential
cable/dsl subscribers. This user base primarily uses dynamically
assigned IP space. Hence, the IP of tonight's attacker could be the IP of
tomorrow's legitimate user.
This is the same reason that it is imperative that any complaints sent to
ISPs providing such services MUST have a time stamp (with timezone) along with
other information relative to the attack/abuse. This is the only way the
ISPs can relate the IP with the actual enduser in order to contact them for
remediation.
___________________________________________________________ Wayne
Gustavus, CCIE
#7426 Operations
Engineering Verizon
Internet
Services ___________________________________________________________
Is there a list maintained anywhere of all hosts that have been identified as
a DDoS zombie? Or attack box? We got hit with an attack from more than 60 IPs
last night and I'd like to add them to any list that anyone has
started.
Thanks,
-Drew
|