nanog mailing list archives

RE: Monumentous task of making a list of all DDoS Zombies.


From: "Steve Birnbaum" <steve.birnbaum () sky-vision net>
Date: Tue, 10 Feb 2004 11:47:01 +0200


 
> Your staff will still get a ton of complaints. If these can
> be parsed by a script that looks for virus / trojan strings in the
> complaint, extracts the IP (or has your NOC dude just click the IP in his
> ticketing system, like in RT + IRTT) and the account just goes away - then
> fine.

So you want a major ISP to simply automatically disable accounts of its
users based only on automated detection of an IP address and timestamp in
something that APPEARS to be a complaint to an automated script?

Do you want to start a pool to see how long it will take before the
dictionary complaints start rolling in once such a system becomes publicly
known?

There is a reason why there are humans (overworked, unfortunately) handling
abuse complaints.  Make it easy, sure...but make it easy for the human to be
able to properly inspect the complaint to see if it's legitimate BEFORE
doing anything.

But to the original issue of accountability.  If an ISP can't write a simple
tool to take an IP address & timestamp and spit out a username from radius
logs, how do you expect them to implement a hash-based rdns tagging system?

Steve

----
Steve Birnbaum          SkyVision Global Networks
Phone: +44 20 83871750  Email: steve.birnbaum () sky-vision net
Note that it is never the fall that kills, it's the landing.
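
The lookup described in the message above (IP address and timestamp in, username out of RADIUS accounting logs), as an added example that is not part of the original post; the record layout and all sample data are constructed assumptions. It only returns candidate usernames for a human to review, and it covers the cases that make the lookup error-prone: dynamic IP reuse, sessions still open, and complaint timestamps in another time zone.

```python
import re
from datetime import datetime
# Constructed sample records; the "Attr = value" layout is an assumption.
SAMPLE = """\
Acct-Status-Type = Start
User-Name = "alice"
Framed-IP-Address = 192.0.2.10
Acct-Session-Id = "s1"
Timestamp = 1076400000

Acct-Status-Type = Stop
User-Name = "alice"
Framed-IP-Address = 192.0.2.10
Acct-Session-Id = "s1"
Timestamp = 1076405000

Acct-Status-Type = Start
User-Name = "bob"
Framed-IP-Address = 192.0.2.10
Acct-Session-Id = "s2"
Timestamp = 1076405100
"""

def parse_records(text):
    """Yield one dict per blank-line-separated accounting record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition("=") for line in block.splitlines())
        yield {k.strip(): v.strip().strip('"') for k, sep, v in pairs if sep}

def build_sessions(records):
    """Pair Start/Stop records by Acct-Session-Id into session intervals."""
    sessions = {}
    for r in records:
        kind = r.get("Acct-Status-Type")
        if kind not in ("Start", "Stop") or "Acct-Session-Id" not in r:
            continue
        s = sessions.setdefault(r["Acct-Session-Id"], {"start": None, "stop": None})
        s.update(user=r["User-Name"], ip=r["Framed-IP-Address"])
        s[kind.lower()] = int(r["Timestamp"])  # epoch seconds (UTC)
    return list(sessions.values())

def lookup(sessions, ip, complaint_time):
    """Candidate usernames holding `ip` at an ISO-8601 time with UTC offset."""
    when = datetime.fromisoformat(complaint_time)
    if when.tzinfo is None:  # refuse to guess the complainant's time zone
        raise ValueError("complaint timestamp needs an explicit UTC offset")
    ts = when.timestamp()
    return sorted({s["user"] for s in sessions if s["ip"] == ip
                   and s["start"] is not None and s["start"] <= ts
                   and (s["stop"] is None or ts <= s["stop"])})
```

An empty result, or a timestamp with no offset, is a reason to go back to the complainant for better data rather than to pick the nearest session.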
 


