[conspire] Fighting DDoS extortion

Rick Moen rick at linuxmafia.com
Wed May 4 14:31:48 PDT 2005


Quoting Tony Godshall (togo at of.net):

> So they presumably have the IP addresses of 40-50,000
> compromised Windows boxes.  Does it make any sense to alert
> the ISPs of these Windows boxes?

Maybe 1000 detailed e-mails to "Dear Network Abuse Officer."

And the ISP is going to send out letters saying:

  Dear Customer:

  We have disabled your broadband connection because of conclusive
  evidence of one or more Windows machines on it that are infected
  with the ________ virus.  [Snip details of suggested remedies.]
  Unfortunately, we are obliged to leave your service disconnected
  until you telephone us and tell us that you, or a network security
  consultant you hire for the purpose, have made certain that the
  problem is gone, since that virus floods our network with 
  attempts to attack other machines elsewhere on the Internet.
  We hope you will understand the need for this inconvenience, and
  look forward to reactivating your service.

Sure, they'd love to do that.  ;->

> Obviously many will be dynamic, and many ISPs will take no action....

What would be your guess?  The first three "In a pig's eye" answers 
don't count.

> but if attackees did this consistently, wouldn't it eventually help? 

Nope.

Hell, I've tried sending "Your service subscriber is virus-infected
and is illegally attacking my machine" notes.  It never works.  Not
once.




