IDS mailing list archives
RE: DDOS Bot Blacklist
From: "Rob Shein" <shoten () starpower net>
Date: Mon, 15 Nov 2004 00:36:34 -0500
The further question that comes to my mind is who would enforce blocking
based on this list? It seems to me that if the subscribers to the list were
anything other than ISPs, there would be little point to it. By the time
you're blocking at your firewall, the DDoS traffic has already consumed what
bandwidth it was meant to consume. And this is, of course, in addition to
your concerns about DHCP addressing and spoofed source addresses.
-----Original Message-----
From: Andy Cuff [mailto:lists () securitywizardry com]
Sent: Sunday, November 14, 2004 5:27 PM
To: focus-ids () securityfocus com
Subject: DDOS Bot Blacklist
Hi,
I was wondering if anyone had looked into the creation of a
blacklist for DDOS bots?
There are obvious concerns: firstly, where the source may be
spoofed, though most of the Attack Mitigation Systems should
deal with stateless attacks; and secondly, with so many of the
bots originating from DHCP scopes, for many bots this could be
overcome by rapid aging of the addresses or only including
addresses used more than once, indicating a long-term address
lease in the scope.
Regards
-andy cuff
The Talisker Network Security Portal http://securitywizardry.com
Computer Network Defence Ltd
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
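Added example, not part of the original thread: a Python sketch of the two filters proposed in the original message, listing only addresses seen in more than one attack and aging entries out after their last sighting. The report format, the seven-day window and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_blacklist(sightings, now, max_age=timedelta(days=7), min_attacks=2):
    """Return {ip: last_seen} for addresses that pass both filters.

    sightings: iterable of (ip, attack_id, seen_at) reports (assumed format).
    min_attacks: distinct attacks required, a proxy for a long-term lease.
    max_age: how long after its last sighting an address stays listed.
    """
    attacks = defaultdict(set)   # ip -> distinct attack ids it was seen in
    last_seen = {}               # ip -> most recent sighting time
    for ip, attack_id, seen_at in sightings:
        if seen_at > now:
            continue             # drop future-dated reports (clock skew, bad data)
        attacks[ip].add(attack_id)   # repeat reports from one attack count once
        if ip not in last_seen or seen_at > last_seen[ip]:
            last_seen[ip] = seen_at

    listed = {}
    for ip, ids in attacks.items():
        if len(ids) < min_attacks:
            continue             # single sighting: likely a short DHCP lease
        if now - last_seen[ip] > max_age:
            continue             # aged out: address may have been reassigned
        listed[ip] = last_seen[ip]
    return listed


# Constructed sample reports; none of these come from the thread.
NOW = datetime(2004, 11, 15)
SAMPLE = [
    ("192.0.2.10", "A1", datetime(2004, 11, 9)),
    ("192.0.2.10", "A2", datetime(2004, 11, 13)),   # second attack: listed
    ("198.51.100.7", "A1", datetime(2004, 11, 9)),
    ("198.51.100.7", "A1", datetime(2004, 11, 9)),  # duplicate report, same attack
    ("203.0.113.5", "B1", datetime(2004, 10, 20)),
    ("203.0.113.5", "B2", datetime(2004, 10, 25)),  # two attacks, but stale
    ("192.0.2.44", "A2", datetime(2004, 11, 13)),   # seen once only
]

if __name__ == "__main__":
    for ip, seen in sorted(build_blacklist(SAMPLE, NOW).items()):
        print(ip, seen.date())
```

Neither filter addresses the spoofed-source concern raised in the thread; the sketch assumes the reported addresses are genuine.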