|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
DDOS Bot Blacklist
From: Andy Cuff (lists
securitywizardry.com)
Date: Sun Nov 14 2004 - 16:26:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
I was wondering if anyone had looked into the creation of a blacklist for
DDOS bots?
There are obvious concerns; firstly, where the source may be spoofed, though
most of the Attack Mitigation Systems should deal with stateless attacks and
secondly, with so many of the bots originating from DHCP scopes, many bots
this could be overcome by rapid aging of the addresses or only including
addresses used more than once indicating a long term address lease in the
scope.
Regards
-andy cuff
The Talisker Network Security Portal
http://securitywizardry.com
Computer Network Defence Ltd
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.789 / Virus Database: 534 - Release Date: 07/11/2004
--------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]