[nsp-sec] Revisiting the DDOS Route Server project
Scott A. McIntyre
scott at xs4all.net
Thu Aug 13 02:22:13 EDT 2009
Hi again,
> without putting words in seth's mouth: "How does the botherder know
> where to send his packets?"
>
> I presume some second party could be used... 'poke http-thing ->
> there' which updates shared data-store 'here', start spewing forth
> UDP pkts.
>
Yes, I didn't consider this much of a hurdle for them. So many
compromised websites and iframes and whatnot out there, access to the
logs of who downloaded what, or, even the distribution source itself
informing the Evil Mastermind of the list of IPs that visited their
infection distribution source...trivial.
Or, they could indeed just spray a small packet or two to networks
they think/hope have infections and that will slip under most radars
and get through just fine.
Scott
More information about the nsp-security
mailing list