You're Being DDOSed — What Do You Do? Name and Shame?

badger.foo writes "When you're hit with a DDOS, what do you do? In his most recent column, Peter Hansteen narrates a recent incident that involved a DNS based DDOS against his infrastructure and that of some old friends of his. He ends up asking: should we actively publish or 'name and shame' DDOS participants (or at least their IP addresses)? How about scans that may or may not be preparations for DDOSes to come?"

not sure "shame" will have much effect

[Trepidity]

The vast majority of DDoS participants are infected computers in botnets, and their owners are typically unaware. Will they even notice your naming sufficiently to be ashamed? Maybe if it's a corporation it'd have some effect: publishing that you were hit by a DDoS that included X computers from BigCorp might make BigCorp look bad. But not so much if the botnet is a bunch of random home PCs.

Re:not sure "shame" will have much effect

[tnk1]

Not sure we want to encourage providers to start nosing around in their customers' traffic more than they already do.... Just saying.

Re:It's a first step

[symbolset]

Censoring the Internet is never the right answer.