|
|
|
|
|
|
by catminou
1114 days ago
|
|
|
For botnets, yes. For L7 request floods - they spin up a few dozen machines and use open & private proxies to funnel http requests thru. Sometimes those proxies are misconfigured squid, sometimes it's private proxy services, sometimes it's compromised machines converted into proxies (which may be open or require auth / has been sold). For L3/L4 amplification/reflection they're buying machines where they can spoof and using UDP amplification lists (other people's machines) to reflect off of (and obviously not getting permission to, etc.). |
|
|