"Henry R. Linneweh" wrote:
My fundamental question here is where is the directory where all these new DDoS toyz and other forms of destruction are located?
Potentially millions of hosts.
How are they getting to these programs? A solution is system-wide scans for code segments in programs that spawn attacks, and removing them and the users who have them without a valid reason.
Search records for ssh, stelnet, telnet connections to boxes other than the primary account.
Since the tools can exist on any individual host on the network, every single owner/user/admin of an IP address would need to scan their machine. While I agree it's a host problem, it's extremely difficult to fix with host solutions alone. Even if you did, you still won't be able to stop the creation and dissemination of tools amongst the bad guys.
Tighten up on hosted domains' TOS and force domain registrars to cancel domains involved in criminal activity.
I agree, some form of shunning could help cause people to batten down the hatches. This assumes you know where the problem is originating from.

John