North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Monumentous task of making a list of all DDoS Zombies.
It need be neither momentous nor monumental - Just say it's 0.0.0.0 / 0 with some occasional exceptions. Regards Marshall Eubanks On Sat, 7 Feb 2004 11:56:28 -0500 "Wayne Gustavus (nanog)" <[email protected]> wrote: > This would essentially be impossible and not a good idea. Large volumes of > hosts/zombies involved in such attacks originate from residential cable/dsl > subscribers. This user base primarily uses dynamically assigned IP space. > Hence, the IP of tonight's attacker could be the IP of tomorrow's legitimate > user. > > This is the same reason that it is imperative that any complaints sent to > ISPs providing such services MUST have a time stamp (with timezone) along > with other information relative to the attack/abuse. This is the only way > the ISPs can relate the IP with the actual enduser in order to contact them > for remediation. > > > > > > ___________________________________________________________ > Wayne Gustavus, CCIE #7426 > Operations Engineering > Verizon Internet Services > ___________________________________________________________ > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of Drew > Weaver > Sent: Friday, February 06, 2004 4:15 PM > To: [email protected] > Subject: Monumentous task of making a list of all DDoS Zombies. > > > > Is there a list maintained anywhere of all hosts that have been > identified as a DDoS zombie? Or attack box? We got hit with an attack from > more than 60 IPs last night and I'd like to add them to any list that anyone > has started. > > > > Thanks, > > -Drew > > >