Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

focus-ids logo IDS mailing list archives

DDOS Bot Blacklist
From: "Andy Cuff" <lists () securitywizardry com>
Date: Sun, 14 Nov 2004 22:26:48 -0000
Hi,
I was wondering if anyone had looked into the creation of a blacklist for
DDOS bots?  
There are obvious concerns; firstly, where the source may be spoofed, though
most of the Attack Mitigation Systems should deal with stateless attacks and
secondly, with so many of the bots originating from DHCP scopes, many bots
this could be overcome by rapid aging of the addresses or only including
addresses used more than once indicating a long term address lease in the
scope.  

   Regards
   -andy cuff
The Talisker Network Security Portal
http://securitywizardry.com 
Computer Network Defence Ltd


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.789 / Virus Database: 534 - Release Date: 07/11/2004
 


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]