[conspire] Fighting DDoS extortion
Rick Moen
rick at linuxmafia.com
Wed May 4 14:31:48 PDT 2005
Quoting Tony Godshall (togo at of.net):
> So they presumably have the IP addresses of 40-50,000
> compromised Windows boxes. Does it make any sence to alert
> the ISPs of these Windows boxes?
Maybe 1000 detailed e-mails to "Dear Network Abuse Officer."
And the ISP is going to send out letters saying:
Dear Customer:
We have disabled your broadband connection because of conclusive
evidence of one or more Windows machine on it that are infected
with the ________ virus. [Snip details of suggested remedies.]
Unfortunately, we are obliged to leave your service disconnected
until you telephone us and tell us that you, or a network security
consultant you hire for the purpose, have made certain that the
problem is gone, since that virus floods our network with
attempts to attack other machines elsewhere on the Internet.
We hope you will understand the need for this inconvenience, and
look forward to reactivating your service.
Sure, they'd love to do that. ;->
> Obviously many will be dynamic, and many ISPs will take no action....
What would be your guess? The first three "In a pig's eye" answers
don't count.
> but if attackees did this consistently, wouldn't it eventually help?
Nope.
Hell, I've tried sending "Your service subscriber is virus-infected
and is illegally attacking my machine" notes. It never works. Not
once.
More information about the conspire
mailing list