North American Network Operators Group
Re: BL of Compromised Hosts?
At 11:12 AM 2/22/2004, Deepak Jain wrote:
> Would anyone be interested in receiving a text or BGP feed of IPs of hosts known/suspected to be compromised and used as parts of DDOS attacks? Would anyone be interested in contributing their BGP views?

We're doing this internally, watching for various types of attack probes (SQL Slammer, Mydoom, dictionary attacks over SMTP, Nimda, etc.) and lock out source addresses via BGP blackholing for those who are persistent. All blocks age out over time so that systems that get fixed are removed by virtue of the attacks stopping. At any given time we have blocks against 800 to 2000 systems.
At present we don't make this available to anyone outside, though it wouldn't be that hard to do.
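
The block-and-age-out bookkeeping described in the message above, as an added example that is not the poster's code. The threshold, window, and TTL values, the `Blocklist` name, and the rule that a new probe from a blocked source restarts its timer are all assumptions; the sample events are constructed and use documentation addresses.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed policy values (not from the post): a source counts as persistent
# after THRESHOLD probes inside WINDOW seconds, and its block lapses TTL
# seconds after the last probe seen from it.
THRESHOLD, WINDOW, TTL = 3, 600, 86400

# Constructed sample sensor events: (unix-style timestamp, source address).
SAMPLE = [(0, "192.0.2.10"), (60, "192.0.2.10"), (120, "192.0.2.10"),
          (130, "198.51.100.7"), (5000, "198.51.100.7"), (40000, "192.0.2.10")]


@dataclass
class Blocklist:
    hits: dict = field(default_factory=dict)     # ip -> recent probe times
    blocked: dict = field(default_factory=dict)  # ip -> block expiry time

    def observe(self, ip, ts):
        """Record one probe; events must arrive in time order."""
        ip = str(ipaddress.ip_address(ip))  # reject malformed sensor input
        recent = [t for t in self.hits.get(ip, []) if ts - t < WINDOW]
        recent.append(ts)
        self.hits[ip] = recent
        still_blocked = self.blocked.get(ip, 0) > ts
        if still_blocked or len(recent) >= THRESHOLD:
            # New block, or a continuing attack restarts the age-out timer.
            self.blocked[ip] = ts + TTL

    def expire(self, now):
        """Withdraw blocks whose timer ran out; return those addresses."""
        gone = sorted(ip for ip, exp in self.blocked.items() if exp <= now)
        for ip in gone:
            del self.blocked[ip]
            self.hits.pop(ip, None)
        return gone

    def feed(self, now):
        """Text feed: one host route per line for each active block."""
        self.expire(now)
        return "\n".join(str(ipaddress.ip_network(ip))
                         for ip in sorted(self.blocked))


if __name__ == "__main__":
    bl = Blocklist()
    for ts, ip in SAMPLE:
        bl.observe(ip, ts)
    print(bl.feed(50000))
```

The host routes in the feed are what would be handed to whatever announces the blackhole routes; that step depends on the routing setup and is not shown.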