Hacker News

Are you positive that "tell nobody" is the mitigation strategy that Google used here? They could have easily asked router vendors to patch their devices, asked ISPs to blackhole those customers until they're patched, etc.


Patch what though? They know that they're getting hit with unprecedented traffic, not how those computers were infected.


It's mostly not infected computers, but rather poorly configured proxies that are open for anyone to bounce malicious traffic through. Convincing everyone to clean up their open proxies is a long-term, hard problem. But I plan to tackle it soon....


How? I suppose the most effective way is to have those proxies attack each other. But don’t, it’s likely illegal.


Get a few companies to agree that open proxies are a scourge that needs to be stopped. They each apply some action to open proxies (user-facing messaging, loss of functionality, captcha, or complete block), and the users of those proxies will get the problem fixed.

The hard part (and it truly is hard!) is convincing a few companies to do this. It risks user complaints in the short term, to solve a problem that may not be very acute for the largest companies (who can simply absorb these attacks).


How about downgrading all connections from said proxies to HTTP/1.1? This can be done in coordination, but it ought not to be too hard to embed such ‘graylisting’ functionality in a webserver.

(No, I don’t expect any response, but I am just leaving this thought for those who stumble on this thread in the future.)


The most efficient way would be to write a script that gains root on those open proxies and then fixes the issue.


Effective or efficient? Would seem rather inefficient to spend time researching all the possible ways to gain root on x number of servers, finding an exploit, crafting some plan to execute it, keeping your prints clean, etc.


What way would be more efficient?


So you're saying Google and Cloudflare, just as an example, should block consumers of other ISPs because they run "unpatched" software or they have malware running on their devices? Lol, this is a very absurd and narrow-minded view of how the internet works. You deal with the traffic, you don't randomly block eyeball networks because they're attacking you.


> you don't randomly block eyeball networks because they're attacking you.

ISPs do this literally all the time. They sell services that do this.



