2009/11/6 Jeffrey Lyon <jeffrey.lyon@blacklotus.net>
The primary issue is that we receive a fair deal of customers who end up with wide scale DDoS attacks followed by an offer for "protection" to move to your network. In almost every case the attacks cease once the customer has agreed to pay this "protection" fee. Every one of these attacks was nearly identical in signature.
By the way, Jeffrey, we can provide reports on HTTP-flood because our system builds its signatures on http traffic dumps like

=== IP: 88.246.76.65, last receiving time: 2009-10-25T23:07:37+03:00, many identical requests (length 198):
GET / HTTP/1.1
Accept: */*
Accept-language: en-us
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Host: [censored]
Connection: Keep-Alive

So using this info we can map botnets, learn different attacks and in collaboration with ISPs - find CCs of new botnets.

And what are your accusations of the identical signatures based on when simple Staminus resellers (like you are) do not have access to their signatures database?

Kanak
Akrino Abuse Team
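
Added example, not part of the original message and not Akrino's code: one way a report like the dump quoted above could be produced from captured HTTP requests, and how the same request fingerprint seen from several sources groups them together. The exact-match SHA-256 fingerprint, the `min_repeats` threshold, all function names and the sample capture are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict
from datetime import datetime

# Constructed sample capture: (source IP, receive time, raw request bytes).
# IPs are documentation-range addresses and the Host value is a placeholder.
FLOOD_REQ = (b"GET / HTTP/1.1\r\nAccept: */*\r\nAccept-language: en-us\r\n"
             b"User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) "
             b"Gecko/20061204 Firefox/2.0.0.1\r\nHost: www.example.com\r\n"
             b"Connection: Keep-Alive\r\n\r\n")
BROWSER_REQS = [b"GET /%s HTTP/1.1\r\nHost: www.example.com\r\n\r\n" % p
                for p in (b"index.html", b"style.css", b"logo.png")]
SAMPLE_CAPTURE = (
    [("192.0.2.10", f"2009-10-25T23:07:{s:02d}+03:00", FLOOD_REQ) for s in range(30, 38)]
    + [("203.0.113.5", f"2009-10-25T23:08:{s:02d}+03:00", FLOOD_REQ) for s in range(6)]
    + [("198.51.100.7", f"2009-10-25T23:07:1{i}+03:00", r) for i, r in enumerate(BROWSER_REQS)]
)

def flood_reports(capture, min_repeats=5):
    """Report every (source IP, exact request) pair seen at least min_repeats times."""
    groups = defaultdict(lambda: {"count": 0, "last": None, "raw": b""})
    for ip, ts, raw in capture:
        g = groups[(ip, hashlib.sha256(raw).hexdigest())]
        when = datetime.fromisoformat(ts)
        g["count"] += 1
        g["raw"] = raw
        g["last"] = when if g["last"] is None else max(g["last"], when)
    return sorted(
        ({"ip": ip, "sha256": digest, "count": g["count"], "length": len(g["raw"]),
          "last_seen": g["last"].isoformat(), "request": g["raw"].decode("latin-1")}
         for (ip, digest), g in groups.items() if g["count"] >= min_repeats),
        key=lambda r: (-r["count"], r["ip"]))

def sources_by_signature(reports):
    """Map each request fingerprint to the source IPs that flooded with it."""
    clusters = defaultdict(set)
    for r in reports:
        clusters[r["sha256"]].add(r["ip"])
    return {digest: sorted(ips) for digest, ips in clusters.items()}

def format_report(r):
    return (f"=== IP: {r['ip']}, last receiving time: {r['last_seen']}, "
            f"{r['count']} identical requests (length {r['length']}):\n"
            + r["request"].replace("\r\n", "\n").rstrip())

if __name__ == "__main__":
    reports = flood_reports(SAMPLE_CAPTURE)
    print("\n\n".join(format_report(r) for r in reports))
    print(sources_by_signature(reports))
```

An exact byte-for-byte fingerprint only matches requests that are truly identical, so a source that varies any header or the path between requests is not grouped by this sketch.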