[AusNOG] DDOS mitigation

Matt Palmer mpalmer at hezmatt.org
Sun May 12 19:35:51 EST 2013


On Sun, May 12, 2013 at 03:24:20AM +0000, Dobbins, Roland wrote:
> On May 12, 2013, at 10:13 AM, Zone Networks - Joel wrote:
> > Its all those damn Joomla/Wordpress websites that have been compromised
> > and I don't see it stopping either, since they are millions of these
> > websites that wont get patched/upgraded until its exploited.
> 
> My hope is to utilize the aforementioned insurance scheme to induce IDC
> operators to perform ongoing proactive vulnerability scanning of
> hosted/co-located/virtual servers located on their access networks, and to
> shut down end-customers who are not fully patched until they remediate
> their boxen.

It's a nice idea to be sure, but a provider with a bunch of compromised
wordpress instances is unlikely to be impacted sufficiently to need to claim
on their insurance scheme.  It's rather a lot like BCP38 -- they're a minor
annoyance to the source, because there's only a (relatively) few of them per
misbehaving ISP, but multiply that by the number of misbehaving ISPs, and
they're a damned nuisance to the destination.

- Matt

-- 
CH3_ _ _ _ _ _ _ _ _ _ _
CH3_X_X_X_X_X_X_X_X_X_X_>
    <_X_X_X_X_X_X_X_X_X_>  1,2-dimethylchickenwire
    <_X_X_X_X_X_X_X_X_X_>  	-- Michael McConnell, ASR




More information about the AusNOG mailing list