This time around it's not about spoofing. I presume this is a development of the same botnet/worm that we saw on day 2 of the Shellshock public disclosure - it was pretty high-tech - golang, arm/mips/x86 support, multiple attack vectors - including (surprisingly) very effective password guessing. It counted ~100k heads on day 2, and I suppose they did grow quite a bit.
That's part of the problem and why they cause that much havoc - they do have real IP addresses and are reasonably well connected - so they can wreak havoc in bandwidth and TCP stack. They most likely do not have enough resources to do Full Browser Stack, that's why I think L7 capabilities of the botnet will be very basic.

On Sun, Sep 25, 2016 at 7:00 PM, John Kristoff <[email protected]> wrote:

> On Sun, 25 Sep 2016 14:36:18 +0000
> Ca By <[email protected]> wrote:
>
> > As long as there is one spoof capable network on the net, the problem will
> > not be solved.
>
> This is not strictly true. If it could be determined where a large
> bulk of the spoofing came from, public pressure could be applied. This
> may not have been the issue in this case, but in many amplification and
> reflection attacks, the originating spoof-enabled networks were from a
> limited set of networks. De-peering, service termination, shaming, etc
> could have an effect.
>
> John

--
Alexander Lyamin
CEO | Qrator Labs <http://qrator.net/>
office: 8-800-3333-LAB (522)
mob: +7-916-9086122
skype: melanor9
mailto: [email protected]

