deepak@ai.net (Deepak Jain) writes:
> Would any broadband providers that received automated, detailed (time/date stamp, IP information) with hosts that are being used to attack (say as part of a DDOS attack) actually do anything about it?

while not a broadband provider, i would be interested in that information.

> Would the letter have to include information like "x.x.x.x/32 has been blackholed until further notice or contact with you" to be effective?

i'd like a dynamic update of a blackhole-style zone, please. while it would not be my personal one (as shown in the following example), it would be just like it. naturally i would only share the update key with people whose judgement i had confidence in -- deepak being an example of same. probably the zone would only be accessible using a tsig query key that would also be known only to a set of judgement-trusted people (maybe the same set, maybe not).

i run the script below as part of my maillog-watcher (when postfix signals that a worm was rejected), and my http sham server (when it detects an attempt to do something bad), and my smtp sham server (likewise). checking just now i see 895028 entries auto-added to the list since inception (7 weeks ago). imagine what we could accomplish with more judgement-trusted contributors.

any interest? (this would probably show up as part of http://oarc.isc.org/ but before i propose it there i'm interested in field survey results.)

--------
#!/bin/sh

# first argument: offending IPv4 address; reverse its octets (DNSBL-style
# node name). any remaining arguments are free-form "reason" text.
node=`echo $1 | awk -F. '{print $4 "." $3 "." $2 "." $1}'`; shift

zone="example.vix.com"
server="justanexample.vix.com"
ttl="1800"
nsupdate="/usr/local/bin/nsupdate"
keyfile="/var/named/rejectall/Kupdate-rejectall.+157+43810.key"

# build the update batch and feed it to nsupdate, signed with the tsig key.
(
	echo server $server
	echo zone $zone
	# only add the entry if the node is not already listed
	echo prereq nxdomain $node.$zone
	echo update add $node.$zone $ttl A 0.0.0.0
	echo update add $node.$zone $ttl TXT created `date +%Y%m%d%H%M%S`
	if [ $# -gt 0 ]; then
		echo update add $node.$zone $ttl TXT reason $@
	fi
	echo send
) | $nsupdate -k $keyfile /dev/stdin

exit $?
--------

--
Paul Vixie
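
An input-checked variant of the batch-building step above, as an added example that is not part of the original post: the address and reason text usually come from log lines a remote host can influence, so the address is validated as a strict dotted quad and the reason is reduced to one line of safe characters before any nsupdate command is built. The function names are hypothetical; the zone and TTL reuse the post's example values.

```sh
#!/bin/sh
# Added example, not the poster's script. ZONE and TTL reuse the post's
# example values; the function names are hypothetical.
ZONE="example.vix.com"
TTL="1800"

# Print the reversed-octet node label for a strict dotted-quad IPv4 address;
# return 1 for anything else (hostnames, CIDR suffixes, octets above 255).
reverse_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# Reduce free-form reason text to a single line of safe characters so a
# newline or quote in it cannot add nsupdate commands or break TXT quoting.
clean_reason() {
    printf '%s' "$*" | tr -c 'A-Za-z0-9 ._:/=-' ' ' | tr -s ' ' | cut -c1-200
}

# Emit the nsupdate batch for one address, or return 1 with no output when
# the address is invalid. Usage: build_update SERVER IP [REASON...]
build_update() {
    server=$1
    node=$(reverse_ipv4 "$2") || return 1
    shift 2
    name="$node.$ZONE"
    echo "server $server"
    echo "zone $ZONE"
    echo "prereq nxdomain $name"
    echo "update add $name $TTL A 0.0.0.0"
    echo "update add $name $TTL TXT \"created $(date +%Y%m%d%H%M%S)\""
    if [ $# -gt 0 ]; then
        echo "update add $name $TTL TXT \"reason $(clean_reason "$@")\""
    fi
    echo "send"
}

# Typical use (key file path is a placeholder):
#   build_update justanexample.vix.com 192.0.2.15 "worm rejected" | nsupdate -k "$keyfile" /dev/stdin
```

Because build_update prints nothing for a rejected address, a caller should check its exit status before piping the batch to nsupdate.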