[93056] in North American Network Operators' Group
Re: 10,352 active botnets (was Re: register.com down sev0?)
daemon@ATHENA.MIT.EDU (Fergie)
Thu Oct 26 01:49:13 2006
From: "Fergie" <fergdawg@netzero.net>
Date: Thu, 26 Oct 2006 05:43:54 GMT
To: sean@donelan.com
Cc: nanog@merit.edu, jose@arbor.net
Errors-To: owner-nanog@merit.edu
Jose's numbers are conservative.
Given some mathematical acrobatics, I'd suggest examining some
of the (shocking) numbers in Microsoft's Security Intelligence
Report (Google it) -- these are reflective:
"Of the 4 million computers cleaned by the company's MSRT
(malicious software removal tool), about 50 percent (2 million)
contained at least one backdoor Trojan. While this is a high
percentage, Microsoft notes that this is a decrease from the
second half of 2005. During that period, the MSRT data showed
that 68 percent of machines cleaned by the tool contained a
backdoor Trojan."
Ref: http://www.eweek.com/article2/0,1759,2036439,00.asp
If you're wondering why DDoS attacks are so effective, look
no further than your backyard.
- ferg
-- Sean Donelan <sean@donelan.com> wrote:
On Thu, 26 Oct 2006, alex@pilosoft.com wrote:
> Well, let's talk about "worst-case ddos". Let's say, 50mpps (I have not
> heard of ddos larger than that number). Let's say, you can sink/filter
> 100kpps on each box (not unreasonable on higher-end box with nsd). That
> means, you should be able to filter this attack with ~500 servers,
> appropriately placed. Say, because you don't know where the attack will
> come in, you need 4 times more the estimated number of servers, that's
> 2000 servers. That's not entirely unreasonable number for a large enough
> company.
Botnets were the topic at today's Info Security conference in New York
City. <http://www.infosecurityevent.com> Coincidences? Or just
as random as your iPod shuffle?
Jose Nazario estimated that there were 10,352 botnets active on the
Internet earlier this year. You will probably always be outnumbered on
the public Internet.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/