[nsp-sec] Revisiting the DDOS Route Server project
Seth Hall
hall.692 at osu.edu
Thu Aug 13 00:52:10 EDT 2009
On Aug 13, 2009, at 12:31 AM, Hank Nussbacher wrote:

> But for UDP, if the botmaster realizes what we are doing (and I
> would assume that by now - after years of all of us null routing
> many of their C&C), all they need do is switch to UDP and send their
> instructions out to their bots via UDP, which we do not have any
> tools yet to stop.

I assume that some HTTP/IRC botnet transformed into a UDP botnet would
still need to do the initial checkin which would still be stopped by
the route server as long as the checkin server was being announced.
No bots check in, no commands sent out.

> So, what can we as a community do to augment the DDOS Route Server
> to make it even better?

Maybe the question is more, how could the ddos route server change to
deal with some of the more exotic fastfluxing and P2P botnets?

.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721