[nsp-sec] How to get a global K-line?
John Fraizer
john at op-sec.us
Mon Mar 24 23:25:00 EDT 2008
..which requires dpi which if I could do (easily) now would make the entire thread moot. I acknowledge the premise of my post is flawed. In the absence of money for a dpi and/or a sufficient scrubbing platform, I'm grasping at straws though. :(
John Fraizer
Senior Internetworking Engineer
NOC Engineering
NuVox Communications, Inc
(864)331-7575 work
-Sent from my Treo SmartPhone
-----Original Message-----
From: John Kristoff <jtk at ultradns.net>
Date: Monday, Mar 24, 2008 11:17 pm
Subject: Re: [nsp-sec] How to get a global K-line?
To: nsp-security at puck.nether.net
----------- nsp-security Confidential --------
>
>On Mon, 24 Mar 2008 20:04:51 +0000
>John Fraizer <john at op-sec.us> wrote:
>
>> With that said, I can trace nearly 100% (7 9's) of our inbound DDoS
>> activity to IRC flows just prior to the launch of the attacks.
>
>If you can trace it after the attack, can you identify it before the attack and generate real-time alerts on it or is the time interval
>between IRC comms and DDoS too small?
>
>> How would I go about nicely asking the *responsible* IRC operators to
>> globally K-line our address space? Even just K-lines on the *legit*
>> IRC nets would have a significant impact for me lately and I don't
>> have to take the heat of having null'd a host. :)
>
>Letting IRCD ops filter your clients for you doesn't seem like the
>appropriate response to me. What you want is network nanny service
>from someone who can take the blame when they filter something that
>a higher up finds innocuous? :-)
>
>> Any ideas?
>
>Detecting and alerting on anomalous IRC traffic might be a short-term
>hack.
>
>John
>
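A sketch of the flow-based alerting raised in the quoted reply, added here as an example and not code from either poster: it alerts when a host in your space starts talking to an IRC port after a quiet period, then measures how much lead time each alert gave before an inbound attack on that host. The flow record layout, the 192.0.2.0/24 address space, the IRC port list, the thresholds and all sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport")       # ts = epoch seconds (assumed layout)
Attack = namedtuple("Attack", "ts target")          # inbound DDoS start time and victim

INTERNAL = ipaddress.ip_network("192.0.2.0/24")     # assumed: your address space
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}   # assumed: conventional IRC ports

def is_outbound_irc(flow):
    """True for a flow from our space to an outside host on an IRC port."""
    return (ipaddress.ip_address(flow.src) in INTERNAL
            and ipaddress.ip_address(flow.dst) not in INTERNAL
            and flow.dport in IRC_PORTS)

def irc_alerts(flows, quiet=3600):
    """One alert per host each time it starts IRC after `quiet` seconds without any."""
    last_seen, alerts = {}, []
    for f in sorted(flows, key=lambda f: f.ts):
        if not is_outbound_irc(f):
            continue
        prev = last_seen.get(f.src)
        if prev is None or f.ts - prev >= quiet:
            alerts.append((f.ts, f.src, f.dst))
        last_seen[f.src] = f.ts
    return alerts

def lead_times(alerts, attacks, window=1800):
    """Per attack: seconds from the latest prior alert on the target to attack
    start, or None if no alert fell inside `window` seconds before it."""
    result = []
    for a in attacks:
        prior = [ts for ts, host, _ in alerts
                 if host == a.target and 0 <= a.ts - ts <= window]
        result.append((a.target, a.ts - max(prior) if prior else None))
    return result

# Constructed sample data (documentation address ranges, not real traffic).
FLOWS = [
    Flow(1000, "192.0.2.10", "198.51.100.5", 6667),
    Flow(1030, "192.0.2.10", "198.51.100.5", 6667),  # same session, no new alert
    Flow(1100, "192.0.2.20", "203.0.113.9", 443),    # not IRC
    Flow(5000, "192.0.2.30", "198.51.100.5", 6697),
    Flow(900, "203.0.113.9", "192.0.2.40", 6667),    # inbound, ignored
]
ATTACKS = [Attack(1240, "192.0.2.10"), Attack(9000, "192.0.2.30"),
           Attack(2000, "192.0.2.40")]

if __name__ == "__main__":
    for target, lead in lead_times(irc_alerts(FLOWS), ATTACKS):
        print(target, "lead time (s):", lead)
```

A lead time of a few minutes or less suggests the alert is only useful if it feeds an automated response; `None` means the attack had no IRC precursor inside the window.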