nanog mailing list archives

Re: DoS Attacks

From: Haesu <haesu () towardex com>
Date: Wed, 8 Oct 2003 00:32:38 -0400


First of all, have your tools ready so that whenever DoS pounds on you, you can
immediately activate them and they will give you an overview of the DoS attack
such as size of the attack, source/dest (random or one/two or spoofed?), et al.

Then you need to contact your upstream first to hve them deal with it, and yes
I understand, most SDSL providers do not like to cooperate.

Considering it takes me 1 hour of buerocracy to get an ACL put up during a DoS 
to my current providers, getting an ACL activated by SDSL team is.....psh....
utterly hopeless unless you have people connections :( 

If you can't afford T1/T3 type of circuits where you can at least call up your
upstream (doesnt matter how long it takes them to put up the ACL, the point is,
will they?), then I hate to say... I don't think there is much you can do :-(

-hc

-- 
Haesu C.
TowardEX Technologies, Inc.
Consulting, colocation, web hosting, network design and implementation
http://www.towardex.com | haesu () towardex com
Cell: (978)394-2867     | Office: (978)263-3399 Ext. 170
Fax: (978)263-0033      | POC: HAESU-ARIN


On Wed, Oct 08, 2003 at 12:03:19AM -0400, Brian Bruns wrote:


----- Original Message ----- 
From: "Mark Radabaugh" <mark () amplex net>
To: <nanog () merit edu>
Sent: Tuesday, October 07, 2003 11:56 PM
Subject: Re: DoS Attacks


I think I would follow two avenues next time - the direct approach with

FSU

(or wherever the traffic is coming from) as well as with your DSL

provider.

Your upstream should be able to assist in at least keeping the traffic off
of your dedicated line.

Whether your DSL provider has the resources to sink the traffic may be
another matter  -- but they are at least in a position to help you and
(since you are paying them) have an interest in dealing with you.


I hate to say this, but Ameritech/SBC is utterly useless in matters like
this.  I mean, at one point their redback was being nailed, and they didn't
seem to care one bit.  After 5pm, everyone with a clue seems to leave, and
we are left with useless low level help desk techs.

Our DSL service isn't bad - in fact it rarely goes down.  The problem is
that when we need their help with something out of our league, they are
completely useless.  Anyone know of a contact number for SBC/Ameritech that
would be useful in a case like this?


--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511

Current thread:

DoS Attacks Brian Bruns (Oct 07)
- Re: DoS Attacks Mark Radabaugh (Oct 07)
  - Re: DoS Attacks Brian Bruns (Oct 07)
    - Re: DoS Attacks Haesu (Oct 07)
    - Re: DoS Attacks Martin Hepworth (Oct 08)
    - Re: DoS Attacks Andrew D Kirch (Oct 08)
    - Re: DoS Attacks Alan Spicer (Oct 08)
    - Re: DoS Attacks Haesu (Oct 08)
    - Re: DoS Attacks Laurence F. Sheldon, Jr. (Oct 08)
- Re: DoS Attacks Avleen Vig (Oct 07)
  - Re: DoS Attacks Sean Donelan (Oct 07)
- Re: DoS Attacks Scott Stursa (Oct 08)