by JoshTriplett 4387 days ago
Typically, you pay a fixed extra cost for a gigabit or 10Gbps link, but beyond that you only pay for traffic. So, a DDoS will cost you a fair bit, but having the spare capacity to weather one shouldn't cost you all that much. (Depending on just how much you expect to get hit by.)

I'm more curious why we don't start large-scale investigations in response to each DDoS attack: each one gives you a list of machines likely participating in a botnet.


> I'm more curious why we don't start large-scale investigations in response to each DDoS attack: each one gives you a list of machines likely participating in a botnet.

No, at this point the machines are most likely 'innocent' and are just running exploitable services (usually NTP, DNS, or chargen). Despite widespread knowledge of the vulnerabilities of these protocols (http://openresolverproject.org/, http://openntpproject.org/), getting people to actually fix their systems is hard. Since the systems themselves aren't compromised, investigating each one is not really a good use of your time.

These attacks rely on the ability of the attacker to spoof IP addresses. Tracking down the sources of these spoofed packets would be more useful, but this requires the cooperation of the transit providers. It will also lead back to providers that make money by allowing spoofed traffic in the first place. Ecatel is the well-known one right now; they are very popular in the 'booter' business.
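A defender-side check for the reflection pattern the comment describes, added here as an example rather than code from the thread: given UDP flow records, flag NTP/DNS/chargen peers that send us far more reply bytes than we ever sent them in requests, which is what spoofed-source reflection looks like from the victim's side. The flow records, the "us" address, the port-to-service map and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Services the comment names as common reflectors, keyed by UDP port (assumed map).
AMPLIFIER_PORTS = {19: "chargen", 53: "dns", 123: "ntp"}

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port, bytes).
# 203.0.113.10 is "us". We sent one real 48-byte NTP query to 10.0.0.1;
# three other NTP servers and one DNS server answer us although we never
# asked them, and their replies are large. Sizes are made up for the example.
SAMPLE_FLOWS = [
    ("203.0.113.10", 40001, "10.0.0.1", 123, 48),        # our legitimate query
    ("10.0.0.1", 123, "203.0.113.10", 40001, 48),        # legitimate reply
    ("10.0.0.2", 123, "203.0.113.10", 80, 4400),         # unsolicited NTP reply
    ("10.0.0.3", 123, "203.0.113.10", 80, 4400),
    ("10.0.0.4", 123, "203.0.113.10", 80, 4400),
    ("10.0.0.9", 53, "203.0.113.10", 80, 3000),          # single DNS reflector
    ("198.51.100.5", 443, "203.0.113.10", 51000, 1500),  # unrelated traffic, ignored
]


def reflection_report(flows, our_ip, min_sources=2, amp_ratio=10.0):
    """Return {service: {"reflectors": [...], "bytes": n}} for amplifier
    services whose replies to our_ip are unsolicited (we sent 0 bytes) or
    exceed what we sent by amp_ratio. A service is reported only when at
    least min_sources distinct peers show the pattern."""
    sent_to = defaultdict(int)    # (peer_ip, peer_port) -> bytes we sent
    recv_from = defaultdict(int)  # (peer_ip, peer_port) -> bytes received
    for src, sport, dst, dport, nbytes in flows:
        if src == our_ip and dport in AMPLIFIER_PORTS:
            sent_to[(dst, dport)] += nbytes
        elif dst == our_ip and sport in AMPLIFIER_PORTS:
            recv_from[(src, sport)] += nbytes

    suspicious = defaultdict(list)  # service -> [(peer, bytes_received)]
    for (peer, port), rbytes in recv_from.items():
        sbytes = sent_to.get((peer, port), 0)
        if sbytes == 0 or rbytes / sbytes >= amp_ratio:
            suspicious[AMPLIFIER_PORTS[port]].append((peer, rbytes))

    report = {}
    for service, peers in suspicious.items():
        if len(peers) >= min_sources:
            report[service] = {
                "reflectors": sorted(p for p, _ in peers),
                "bytes": sum(b for _, b in peers),
            }
    return report
```

The output names the reflecting hosts (the ones worth notifying or filtering), not the spoofed-source originator, which, as the comment says, only the transit providers can trace.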

I suppose I wasn't very clear then. Ah well, life.

> I'm more curious why we don't start large-scale investigations in response to each DDoS attack: each one gives you a list of machines likely participating in a botnet.

https://securityledger.com/2013/04/cyberbunker-owner-arreste...

They do. It just has to be large enough.

I'm not just talking about finding the originator of the attack; I'm talking about finding and cutting off all the vulnerable systems that facilitate the attacks.