[AusNOG] DDOS mitigation
Matt Palmer
mpalmer at hezmatt.org
Sun May 12 19:35:51 EST 2013
On Sun, May 12, 2013 at 03:24:20AM +0000, Dobbins, Roland wrote:
> On May 12, 2013, at 10:13 AM, Zone Networks - Joel wrote:
> > Its all those damn Joomla/Wordpress websites that have been compromised
> > and I don't see it stopping either, since they are millions of these
> > websites that wont get patched/upgraded until its exploited.
>
> My hope is to utilize the aforementioned insurance scheme to induce IDC
> operators to perform ongoing proactive vulnerability scanning of
> hosted/co-located/virtual servers located on their access networks, and to
> shut down end-customers who are not fully patched until they remediate
> their boxen.
It's a nice idea to be sure, but a provider with a bunch of compromised
wordpress instances is unlikely to be impacted sufficiently to need to claim
on their insurance scheme. It's rather a lot like BCP38 -- they're a minor
annoyance to the source, because there's only a (relatively) few of them per
misbehaving ISP, but multiply that by the number of misbehaving ISPs, and
they're a damned nuisance to the destination.
- Matt
--
CH3_ _ _ _ _ _ _ _ _ _ _
CH3_X_X_X_X_X_X_X_X_X_X_>
<_X_X_X_X_X_X_X_X_X_> 1,2-dimethylchickenwire
<_X_X_X_X_X_X_X_X_X_> -- Michael McConnell, ASR
More information about the AusNOG
mailing list