nanog mailing list archives
Re: Identifying DoS-attacked IP address(es)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Tue, 17 Dec 2002 00:28:57 +0000 (GMT)
On Mon, 16 Dec 2002, Feger, James wrote:
AT&T also does the basics. ACL's, null routes, tracking back to ingress.
as does sprint and C&W. MFN can sometimes help, depends on who you talk to as I recall, and Verio is quick to fix problems... L3 had some problems in the past, my last experience with them was 'ok' though not stellar. I'm having a bit of trouble getting more off the top of my head, aside from the George Mason Computer group that just unplugged a machine in a dorm for me :)
-james On Mon, 16 Dec 2002, James-lists wrote:I'm sure you can look in the archives of this list formessages from meabout this very thing... :) In short: "Every ISP shouldhave 24/7 securitysupport for customers under attack." That support shouldinclude, acls,null routes, tracking the attack to the ingress. Rarely dorate-limits doany good in the case of DoS attacks... (this part is adebate for anotherthread)Yes, we have those ready to go. And tools like Snort/Spade and Net Flow to identify the problem and suggest ACL's and null routes, ect. My question is more about an upstream provider for an ISP (I was calling this backbone). Clearly UU has a system well in place but I would like to hear others experiences with their upstream providers and DoS's. I know what kind of help me upstreams will provide, as I have asked, I am just trying to get a feel for others experiences. James Edwards jamesh () cybermesa com At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday Phone support 365 days till 10 pm via the Santa Fe office: 505-988-9200
Current thread:
- Re: Identifying DoS-attacked IP address(es), (continued)
- Re: Identifying DoS-attacked IP address(es) Neil J. McRae (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Neil J. McRae (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- RE: Identifying DoS-attacked IP address(es) Livio Ricciulli (Dec 16)
- RE: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) James-lists (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) James-lists (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Feger, James (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Valdis . Kletnieks (Dec 16)
- Message not available
- RE: Identifying DoS-attacked IP address(es) Livio Ricciulli (Dec 16)