Webwork - 3:59 pm on Mar 9, 2012 (gmt 0)
What's the motivation for this attack?
Is there buzz about sites, other than those running Adsense, being hit by this attack?
Follow the money? Ex. If "only Adsense" then a) competitive site that's been tanked; b) this is "the new SEO" (nuke competitors by botnet); c) punish G; d) "This is a test. This is only a test." For what reason? Proof of concept? How to massively expand DDOS, not from a site take-down perspective but from the worst wound with the least commitment of botnet resources? Kill the moneymaker page(s) and cause the most pain? Extortion notes to follow?
I'd think about defenses from the perspective of "this is a test" and there's more to come.
I'd also . . cough . . cough . . look for the new(est) hosting provider(s) that offer services designed specifically around IP blocking. (And, if I was a hosting provider, I'd consider making this "offer" part of the marketing package, i.e., we offer upstream botnet protection from all known attacks . . )
Wish I was more tech savvy. Based on my limited knowledge the best temporary solution that may exist is for widespread IP list sharing. Are there agencies/entities that serve to collect lists of zombie machines and do they share their lists, especially IF you contribute to their lists?