On Wed, 15 Aug 2007 15:02:07 EDT, "J. Oquendo" said:
Providers should start caring about what they're carrying. Haven't seen one message yet about the hording of "Storm Bot" and what someone is doing to nip this at the bud. Who better than the big boys. After all what happens when someone launches this botnet at say Mae-East/West or some other backbone.
I doubt if anybody would notice a DDoS attack against MAE-East. ;) And we're unlikely to see many major DDoS attacks against backbones, for a number of reasons: 1) You need a pretty big hose, or a *lot* of computers to do it. 2) The people with botnets tend to fall into 2 major groups: ankle-biters and pros. 2a) The ankle-biters don't hose down backbones because (1) they don't usually even know what a backbone is, and (2) they're usually too busy pointing their DDoS tools at some other ankle-biter or IRC admin that cheesed them off. Yes, these guys have taken out a few mid-tiers, but it's accidental collateral damage, not the intended target. 2b) The pros don't hose down backbones, because if a backbone is down, they can't make money from their now-disconnected botnet. Yeah, a concerted effort probably *would* take out AS701 or similar. But we don't see it happen often, because the people who have the ability to do it also realize that while AS701 is out napping, their other business ventures are taking a hit from the lost connectivity...