[CentOS] Re: Defending againts simultanious attacks

Thu Feb 15 19:50:25 UTC 2007
Drew Weaver <drew.weaver at thenap.com>

Yes, bots use bandwidth. However no hosting customer has ever actually
paid for the bandwidth their 'hacked' server has used to attack random
places on the Internet.

The ISP has to pay for it, because if the ISP tries to enforce a charge
for bandwidth a malicious third party used it turns into a gigantic
fiasco.

-Drew 

-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Scott Silva
Sent: Thursday, February 15, 2007 1:15 PM
To: centos at centos.org
Subject: [CentOS] Re: Defending againts simultanious attacks

Drew Weaver spake the following on 2/15/2007 8:27 AM:
> I find it kind of odd that noone has come up with a 'RBL' for bots...
> 
> ISPs could easily receive routes via BGP from "some trusted source" 
> that has NULL routes for all of the 'infected' hosts which are 
> attacking people..
> 
> A few dozen honeypots and you would quickly have a large list of 
> infected hosts in which to ignore entirely.
ISP's are in the market to sell bandwidth. And bots use bandwidth.
Even if an ISP would just police it's own address space it would help.
At home I have roadrunner, and they have no problem blocking "incoming"
port
25 and port 80 traffic, but have no problem letting a connection blast
away at everybody outgoing.
So I can't have a simple webserver, but I can have a spamming operation.
Go figure!

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos