•Typical
Perpetrators
Cracked
superuser account on well-connected enterprise network
Superuser
account on university residence hall network (Ethernet)
Typical PPP
dial-up account (for smaller targets)
•Typical
Bounce Sites
Large
co-location subnets
Large switched
enterprise subnets
Typically
scanned for large numbers of responding hosts
•Typical
Victims
IRC Users,
Operators, and Servers
Providers who
eliminate troublesome users’ accounts