North American Network Operators Group

Re: Monumentous task of making a list of all DDoS Zombies.

  • From: Suresh Ramasubramanian
  • Date: Sun Feb 08 04:08:00 2004

Iljitsch van Beijnum wrote:
Coming up with new types of probes all the time to check for this would be a huge amount of work.
Would that be any less work than clearing up the mess left by an infestation of DDoS zombies? :)

I favor an approach where people no longer get to send data at high speed without the recipient's approval. Just sending data in the blind or any type of scanning could then trigger a severe rate limit or raise an alarm.
It is fairly easy to work around rate limits by just scaling laterally, and compromising a few million more boxes. If the next virus grabs 4M, or 20M boxes instead of just a measly 2M boxes, you can rate limit all you like, but it really won't help.

Unfortunately, this type of action must be performed at the source and some networks just can't be bothered.