I tend to agree here. I have noticed so many attacks etc coming from APNIC as of recent that on our corp network we have an ACL to block a number of APNIC blocks. If there was a dynamic method to add null0 routes to identified zombies, I think that would help. IE. security company A provides a feed (BGP etc) to null route zombies that it has identified.
But that opens a whole other can of worms..... J -----Original Message----- From: Petri Helenius [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2003 9:24 AM To: [EMAIL PROTECTED]; Rob Thomas Cc: NANOG Subject: Re: WANTED: ISPs with DDoS defense solutions I would say that because backdoored hosts are easily available in large quantities, spoofing does not make sense and usually alarms various systems more quickly than packets from legitimate addresses. Pete ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Rob Thomas" <[EMAIL PROTECTED]> Cc: "NANOG" <[EMAIL PROTECTED]> Sent: Thursday, July 31, 2003 4:17 PM Subject: Re: WANTED: ISPs with DDoS defense solutions > > On Wed, 30 Jul 2003, Rob Thomas wrote: > > > I've tracked 1787 DDoS attacks since 01 JAN 2003. Of that number, > > only 32 used spoofed sources. I rarely see spoofed attacks now. > > Do you have any ideas as to why that is? Is it due to more providers > doing source filtering? It wouldn't make sense for attackers to become > less sophisticated unless they became more difficult to catch for other > reasons (e.g. botnets getting bigger). > > Rich > >
