[110302] in North American Network Operators' Group


Happy New Year! Let the botnets loose!

daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Jan 2 15:23:33 2009

Date: Fri, 02 Jan 2009 14:23:14 -0600
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

From reports in the CBL database, it appears they have enjoyed some DoS
traffic yesterday, and I'm currently enjoying a little 40k+ botnet 
attack (small botnet beats large one when you host the victim IP).

Anyone have any good resources on the breakdowns of the current known 
botnets and their traffic patterns? This one appears to use random IP 
protocol numbers, and extremely small packets. IP 255 and ICMP type 70 
seem popular on this one, but I see a lot of randomness.

Feel free to reply offlist if you have some good resources.

Jack Bates
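
An added example, not part of the original post: a small Python triage script that parses raw IPv4 headers and counts packets matching the pattern described above (unexpected IP protocol numbers, unexpected ICMP types, very small packets). The expected-protocol set, expected-ICMP-type set, 40-byte size threshold, and sample packets are all assumptions constructed for illustration.

```python
import struct
from collections import Counter

# Assumptions (tune per network): protocols and ICMP types seen in normal operation.
EXPECTED_PROTOCOLS = {1, 6, 17, 47, 50}   # ICMP, TCP, UDP, GRE, ESP
EXPECTED_ICMP_TYPES = {0, 3, 8, 11}       # echo reply, unreachable, echo, time exceeded
SMALL_PACKET_BYTES = 40                   # assumed cut-off for "extremely small"

def classify(packet: bytes):
    """Parse a raw IPv4 packet; return (proto, icmp_type, length, reasons) or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return None
    length = struct.unpack("!H", packet[2:4])[0]
    proto = packet[9]
    icmp_type = packet[ihl] if proto == 1 and len(packet) > ihl else None
    reasons = []
    if proto not in EXPECTED_PROTOCOLS:
        reasons.append("unexpected-protocol")
    if icmp_type is not None and icmp_type not in EXPECTED_ICMP_TYPES:
        reasons.append("unexpected-icmp-type")
    return proto, icmp_type, length, reasons

def summarize(packets):
    """Count flagged packets and show how spread out their protocol numbers are."""
    stats = {"total": 0, "flagged": 0, "flagged_small": 0,
             "protocols": Counter(), "icmp_types": Counter()}
    for pkt in packets:
        parsed = classify(pkt)
        if parsed is None:
            continue
        proto, icmp_type, length, reasons = parsed
        stats["total"] += 1
        if not reasons:
            continue  # small size alone is normal (e.g. a bare TCP ACK)
        stats["flagged"] += 1
        stats["flagged_small"] += length <= SMALL_PACKET_BYTES
        stats["protocols"][proto] += 1
        if icmp_type is not None:
            stats["icmp_types"][icmp_type] += 1
    return stats

def make_packet(proto, payload=b""):
    """Build a constructed IPv4 packet (checksum left at zero, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

# Constructed sample: three packets shaped like the post's description, three ordinary ones.
SAMPLE = [make_packet(255), make_packet(1, bytes([70, 0, 0, 0])), make_packet(143, b"\x00\x00"),
          make_packet(6, bytes(20)), make_packet(1, bytes([8, 0, 0, 0]) + bytes(56)),
          make_packet(17, bytes(100))]
```

A wide spread of keys in `protocols` combined with a high `flagged_small` count is the signal to look for; the same allow-list logic maps directly onto a border ACL that permits only the protocols the network actually carries.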

