nanog mailing list archives
Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)
From: Don <don () calis blacksun org>
Date: Thu, 26 Oct 2006 11:38:10 -0400 (EDT)
I think it's a time constraint- looking up, sorting and notifying admins about 10,000 attack sources isn't practical. I'd love to do it- but I don't have time. That said- if someone notifies me of a compromised host I immediately investigate- and I suspect so would everyone else on this list.Put another way, anti-spoofing does three things: it makes reflector attacks harder, it makes it easier to use ACLs to block sources, and it helps people track down the bot and notify the admin. Are people actually successfully doing either of the latter two?
Has anyone put together a centralized system where you can send in a list of attacking bots, let it automatically sort by allocation, and then let it notify the appropriate admin with a list of [potentially] compromised hosts?
Then again: Considering how many admins don't care, how many end users don't care/know, and how quickly many of thee systems would get re-infected maybe it's all a bit pointless.
I'd be surprised if there were much of either. That leaves reflector attacks. Are those that large a portion of the attacks people are seeing?Everything I have seen of late has been legitimate traffic originating from across the globe. With tens of thousands of compromised hosts that's all it takes.
-Don
Current thread:
- Re: BCP38 thread 93,871,738,435 + SPF, (continued)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Gadi Evron (Oct 29)
- Re: BCP38 thread 93,871,738,435 + SPF Randy Bush (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Florian Weimer (Oct 27)
- Re: BCP38 thread 93,871,738,435 + SPF Douglas Otis (Oct 27)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Patrick W. Gilmore (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Don (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) william(at)elan.net (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Michael Painter (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Mikael Abrahamsson (Oct 26)
- Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?) Chris L. Morrow (Oct 26)