Security Incidents mailing list archives
Re: ISP Filtering (Survey of Sorts)
From: "Christian Schwalm" <schwalm () informatik uni-hannover de>
Date: Fri, 1 Jun 2001 22:46:54 +0200
Hi everyone !
T1 and up providers dont get their hands dirty with client specific router configuration for the same reasons that consultants get paid Big Money: it requires a lot of work and generally speaking, an ongoing degree of effort.
I just have to throw in a personal experience here: Some days ago a friend of mine was target of a (still possible) smurf attack. His logs showed a large number of ICMP echo replies from hosts we found out were in subnets with open broadcasts. The 2mbit uplink provided by the "Deutsche Telekom" was rendered useless by this attack. Blocking them in his routers was not an option because all he had access to was behind the 2mbit line. My 2 advices were: * Wait until its over. (That was not an option for him because the company he worked for needed the uplink badly.) * Ask your provider to temporarily block all ICMP´s in a backbone router or something a little higher in the food chain. Everyone with knowledge about the size of "Deutsche Telekom" and the relative meaning of this 2mbit to them might think: spend the 50 cents of that phonecall somewhere else - its better invested. But after 2 calls there was a ticket opened and 3 hours later the DoS stopped because the ICMP´s were blocked, with the DT effectively taking over the traffic costs. I had similar experiences with ECRC/Cable&Wireless while I was working for an internet startup. So i think: Evene huge ISP´s can act quickly if you a) ask politely b) deliver logs making them understand that you are not "hunting ghosts" c) make it clear, that this is very important for you cheers, Chrissi -- Christian "eldoc" Schwalm schwalm () informatik uni-hannover de
Current thread:
- Re: ISP Filtering (Survey of Sorts) Jason Storm (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Christian Schwalm (Jun 02)
- <Possible follow-ups>
- RE: ISP Filtering (Survey of Sorts) Jason Lewis (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Kath (Jun 01)
- RE: ISP Filtering (Survey of Sorts) Booth, David CWT-MSP (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Joe Shaw (Jun 01)
- Re: ISP Filtering (Survey of Sorts) Nick FitzGerald (Jun 02)
- Re: ISP Filtering (Survey of Sorts) macdaddy (Jun 02)
- Re: ISP Filtering (Survey of Sorts) Jens Hektor (Jun 03)
- Re: ISP Filtering (Survey of Sorts) Brett Glass (Jun 02)