[93053] in North American Network Operators' Group
10,352 active botnets (was Re: register.com down sev0?)
daemon@ATHENA.MIT.EDU (Sean Donelan)
Thu Oct 26 01:32:02 2006
Date: Thu, 26 Oct 2006 01:18:22 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.44.0610252333040.3923-100000@bawx.pilosoft.com>
Errors-To: owner-nanog@merit.edu
On Thu, 26 Oct 2006, alex@pilosoft.com wrote:
> Well, let's talk about "worst-case ddos". Let's say, 50mpps (I have not
> heard of ddos larger that that number). Let's say, you can sink/filter
> 100kpps on each box (not unreasonable on higher-end box with nsd). That
> means, you should be able to filter this attack with ~500 servers,
> appropriately place. Say, because you don't know where the attack will
> come in, you need 4 times more the estimated number of servers, that's
> 2000 servers. That's not entirely unreasonable number for a large enough
> company.
Botnets were the topic at today's Info Security conference in New York
City. <http://www.infosecurityevent.com> Coincidences? Or just
as random as your iPod shuffle?
Jose Nazario estimated that there were 10,352 botnets active on the
Internet earlier this year. You will probably always be outnumbered on
the public Internet.
