• They must help with attribution • Which of their clients is transmitting the traffic? ! • Given (TARGET_IP, location, timeframe, volume) • Tell which of the CUSTOMERS transmitted the data 69 Proposal:
• http://openntpproject.org/ • http://openresolverproject.org • http://www.team-cymru.org/Open-Resolver- Challenge.html • https://www.shodan.io/ 81 Help: close NTP and DNS
src port 123 == NTP attack • udp and src port 53 == DNS attack • DDoS mitigation vendors have FAT pipes • Amplification is bouncing off real servers • Therefore geographically distributed • Not effective against anycast 84 Is amplification in decline?