Author: Suresh Ramasubramanian Date: To: Jerry Bell CC: Michael Coxe, exim-users Subject: Re: [Exim] fwd fr NANOG: monkeys.dom UPL being DDOSed to death
Jerry Bell [9/24/2003 9:48 AM] :
> One thing I've found, although I'm sure there are exceptions, is that these
> things generally do not come from all that many hosts. A dozen or so well
> connected compromised boxes and no egress filters on an ISP will allow those
> few hosts to look like thousands and thousands of hosts. In the past I've
> had to have my upstream block port 80 and literally just wait for the kids
> to get bored and move on to some other new toy, usually 8 to 10 hours. I
> don't know anything of what happened to monkeys.com specifically, just
> relaying my experience with this kind of thing.
Yeah - bad egress filtering at the source ISPs is a large part of the
problem.
But I _have_ seen DDoS launched from zombie / trojaned hosts as well.
