[CentOS] Re: Defending againts simultanious attacks

Thu Feb 15 18:39:08 UTC 2007
Paul <unix at bikesn4x4s.com>

On Thu, February 15, 2007 1:15 pm, Scott Silva wrote:
> Drew Weaver spake the following on 2/15/2007 8:27 AM:
>> I find it kind of odd that noone has come up with a 'RBL' for bots...
>>
>> ISPs could easily receive routes via BGP from "some trusted source" that
>> has NULL routes for all of the 'infected' hosts which are attacking
>> people..
>>
>> A few dozen honeypots and you would quickly have a large list of
>> infected hosts in which to ignore entirely.
> ISP's are in the market to sell bandwidth. And bots use bandwidth.
> Even if an ISP would just police it's own address space it would help.
> At home I have roadrunner, and they have no problem blocking "incoming"
> port
> 25 and port 80 traffic, but have no problem letting a connection blast
> away at
> everybody outgoing.
> So I can't have a simple webserver, but I can have a spamming operation.
> Go
> figure!

Speakesy.net polices their network properly and allows servers in the TOS.
 One of the few left.  And they do police their network for open relays. 
They rule!