nanog mailing list archives

Re: Monumentous task of making a list of all DDoS Zombies.


From: Suresh Ramasubramanian <suresh () outblaze com>
Date: Sun, 08 Feb 2004 14:35:30 +0530


Iljitsch van Beijnum wrote:
> Coming up with new types of probes all the time to check for this would be a huge amount of work.

Would that be any less work than clearing up the mess left by an infestation of DDoS zombies? :)

> I favor an approach where people no longer get to send data at high speed without the recipient's approval. Just sending data in the blind or any type of scanning could then trigger a severe rate limit or raise an alarm.

It is fairly easy to work around rate limits by just scaling laterally, and compromising a few million more boxes. If the next virus grabs 4M, or 20M boxes instead of just a measly 2M boxes, you can rate limit all you like, but it really won't help.

> Unfortunately, this type of action must be performed at the source and some networks just can't be bothered.

Yup.

        srs

