[AusNOG] DDoS Attacks - Painful and Persistent.
Roland Dobbins
rdobbins at arbor.net
Mon Aug 10 16:37:41 EST 2009
On Aug 10, 2009, at 1:31 PM, Nick Brown wrote:
> Unfortunately not, nor can we identify any characteristics or trends
> in
> traffic to our downstreams that would suggest we are taking the
> beating
> on their behalf.
When you can spare the time/resources to do so, it would be a good
idea to examine this host and its outbound/crossbound traffic in order
to see if it's been compromised and is being used as a botnet C&C, to
host pirated content/warez, etc. These can make it a target - the
miscreants often go after one another for financial and other reasons.
This is a good reason to ensure one has good visibility into traffic
into/out of the IDC, as well as cross-bound traffic within the IDC -
catching compromised hosts early-on can help in limiting the impact of
a compromise.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Unfortunately, inefficiency scales really well.
-- Kevin Lawton
More information about the AusNOG
mailing list