[nsp-sec] search by asn
James A. T. Rice
james_r-nsp at jump.org.uk
Mon Apr 1 18:23:02 EDT 2013
On Mon, 1 Apr 2013, John Kristoff wrote:
> If I'm missing something else you'd really like to see, let me know.

Perhaps the information for real prioritisation is best based upon the
volume of traffic received from any given amplifier (the type of amplifier
is certainly nice to know).

We have a bunch of gaming server customers who regularly get DoSsed via
DNS Amplification; I could contribute the traffic stats / netflow data /
pcap data from the attacks if that's at all useful. Maybe others could do
some of the above too? The badness of a given host could be normalised and
used to give an aggregate score.

I think it would be useful to have a website similar to
http://smurf.powertech.no/ but for DNS Amplification; the public side
could have lists of stats graphs per ASN for the top ASNs by number
of amplifiers, and something similar to ASN alerts but with more detail
(e.g. last attack date, RR used, and a pcap download) could be emailed
privately to the ASN operators.

Thoughts?

Cheers
James