Re: Identifying DoS-attacked IP address(es)

["Christopher L. Morrow" <chris () UU NET>]

On Mon, 16 Dec 2002, Feger, James wrote:

> AT&T also does the basics.  ACL's, null routes, tracking back to ingress.

as does sprint and C&W. MFN can sometimes help, depends on who you talk to
as I recall, and Verio is quick to fix problems... L3 had some problems in
the past, my last experience with them was 'ok' though not stellar. I'm
having a bit of trouble getting more off the top of my head, aside from
the George Mason Computer group that just unplugged a machine in a dorm
for me :)

> -james
>
>
> On Mon, 16 Dec 2002, James-lists wrote:
>
> > > I'm sure you can look in the archives of this list for
> > messages from me
> > > about this very thing... :) In short: "Every ISP should
> > have 24/7 security
> > > support for customers under attack." That support should
> > include, acls,
> > > null routes, tracking the attack to the ingress. Rarely do
> > rate-limits do
> > > any good in the case of DoS attacks... (this part is a
> > debate for another
> > > thread)
> >
> > Yes, we have those ready to go. And tools like Snort/Spade
> > and Net Flow to identify the problem
> > and suggest ACL's and null routes, ect. My question is more
> > about an upstream provider for an ISP
> > (I was calling this backbone). Clearly UU has a system well
> > in place but I would like to hear others experiences
> > with their upstream providers and DoS's. I know what kind of
> > help me upstreams will provide, as I have asked,
> > I am just trying to get a feel for others experiences.
> >
> > James Edwards
> > jamesh () cybermesa com
> > At the Santa Fe Office: Internet at Cyber Mesa
> > Store hours: 9-6 Monday through Friday
> > Phone support 365 days till 10 pm via the Santa Fe office:
> > 505-988-9200