[39467] in North American Network Operators' Group
RE: DDoS attacks
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Thu Jul 12 00:00:35 2001
Message-ID: <EA9368A5B1010140ADBF534E4D32C728025A07@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: 'Rob Thomas' <robt@cymru.com>, nanog@merit.edu
Date: Wed, 11 Jul 2001 21:00:36 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
> From: Rob Thomas [mailto:robt@cymru.com]
> Sent: Wednesday, July 11, 2001 8:24 PM
>
> ] I happen to agree, if only because; when script kiddies
> don't have IRC to
> ] play with they'll start looking elsewhere. I'd rather them
> have an IRC net
> ] to play with while they're being hunted. Wouldn't you?
>
> Agreed. Keep in mind that when the kiddies really want to
> test something
> nasty, they simply build their own (hidden and secured) IRC servers in
> which to park the zombies. So a paucity of IRC
> servers/networks isn't an
> issue to them.
>
> Eradicating IRC isn't the solution. IRC is the "SOSUS net"
> of DDoS. It
> would be wise if everyone paid close attention to what is discovered
> therein.
Of course, it also wouldn't hurt if we actually STARTED a script-kiddie
hunt, while they're making themselves so visible/vulnerable, rather than
kvetching at the victim, neh?
