> While we don't track DDoS attacks, SAFE is committed to removing smurf
> amplifiers, still one of the most abused forms of DoS, from the
> internet.

I do not agree that smurf attacks are the most used. Actually, trojans with an IRC robot in them seem to be the most used. The "Script Kiddies" control them over an IRC channel. They control the IRC server/network where those trojans connect using DNS entries (CNAME to whatever they want).

Some of them control around 20k infected workstations (most of them are CATV and ADSL users). Imagine... if each infected user only has 100k of upstream... 20k * 100kbps ... 2gbps... ?!? Which medium-size ISP can do something against that? None. For sure those 20k infected users aren't online at the same time... but still...

I know some "kiddies groups" on IRC networks (like Rectum Crew from .ca); they use some kind of "trojan template" where they can add whatever software they want. Once they control the machine, they can do upgrades of their software, etc... and the worst thing is when such groups fight against each other... trying to take control of the other group's robots...

They also propagate their trojans using FAKE sex websites saying you need to download a dialer... which is the IRC trojan... + mail spam... they quickly get many infected users.

Most of the big IRC networks (at least Undernet and DALnet have) have a special team fighting against trojans, but most of the time we cannot do anything, because the ISPs do not contact the customer to tell him to install an anti-virus or a trojan remover...

See what happened to the IRC network DALnet... for months they have been getting a non-stop attack against most of their servers. Even the servers which are actually shut down still get attacked... the overall bandwidth used against DALnet servers is still over 1gbps at the moment...

For sure, there are still some hacked *nix servers from where the "kiddies" run TCP_SYN floods (source == random for sure)...

P.
---------------------------------------------------------------------
EuroNOG: http://www.euronog.org/
