I Wanna Join a Zombie Army!

My husband battles zombie armies, what does yours do?

Today in NERD NEWS:

"Attacks used to be largely assigned to an individual host. These days, the attacks are very large coming from multiple points on the Internet and are targeted at a network," he says. Arbor is seeing zombie armies, which are compromised host machines, with as many as 50,000 hosts attacking one network, Morville says. . .

. . . While MCI says it's been doing in-house traffic analysis, it has not deployed network-wide anomaly detection gear because the tools haven't been mature enough and there have been network scalability issues, says Christopher Morrow, manager of network router security at MCI.

In the meantime the service provider recently has put a couple of projects in place to better deal with the slew of attacks.

Morrow says that in the past it was difficult to find the correct person to notify at another ISP when an attack was originating from its network. Now many of the large ISPs are part of an e-mail and voice-over-IP mailing list of sorts. Network administrators communicate regularly over this informal system in an effort to stop an attack quickly. . .

. . . "In most attacks we can blackhole traffic within two to three minutes," Morrow says. While the ability to react quickly is helpful to customers, the ISPs and users agree it's essential to be proactive instead of reactive when dealing with distributed DoS.

-----

And that's why everyone calls Chris the "Two to Three Minute Man." What did you think they were talking about?