[175917] in North American Network Operators' Group
Re: Reporting DDOS reflection attacks
daemon@ATHENA.MIT.EDU (Paul Bennett)
Sat Nov 8 02:22:09 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <51804DD4-CB63-463B-BFB5-EF5679F744ED@arbor.net>
Date: Sat, 8 Nov 2014 02:20:05 -0500
From: Paul Bennett <paul.w.bennett@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobbins@arbor.net> wrote:
>
> On 8 Nov 2014, at 1:56, srn.nanog@prgmr.com wrote:
>
>> But right now how should we be doing it?
>
> <http://www.team-cymru.org/Services/ip-to-asn.html>

Once you get the ASN or at least the domain name of the ISP providing
service to the reflecting host, several major reputable ISPs
(including my employer, who I can't name because I'm not an official
spokesperson) will welcome RFC 5070 "IODEF" reports for general
network abuse and RFC 5965 "MARF" format for email abuse, directed to
abuse@ the main domain for that ISP.

http://www.ietf.org/rfc/rfc5070.txt
http://www.ietf.org/rfc/rfc5965.txt
--
Paul W Bennett
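
An added example, not part of the original message and not code from its author: one way to turn observations of reflected traffic into an RFC 5070 IODEF document for each reflecting host, ready to send to the abuse@ address of the responsible ISP. The function names, reporter identity, incident ID and sample observations are assumptions made for illustration, as is the choice to mark the reflector as a System of category "intermediate".

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "urn:ietf:params:xml:ns:iodef-1.0"

# Constructed sample (documentation addresses): UTC time, reflector IP, UDP source port, bytes
SAMPLE = [
    ("2014-11-08T01:50:00Z", "192.0.2.10", 123, 4680),
    ("2014-11-08T01:55:30Z", "192.0.2.10", 123, 9360),
    ("2014-11-08T01:52:10Z", "198.51.100.7", 53, 3100),
]

def summarize(observations):
    """Group observations per reflector: first/last seen, ports, byte total."""
    hosts = defaultdict(lambda: {"first": None, "last": None, "ports": set(), "bytes": 0})
    for ts, ip, port, size in observations:
        h = hosts[ip]
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["ports"].add(port)
        h["bytes"] += size
    return dict(hosts)

def build_iodef(ip, info, reporter, reporter_email, incident_id, report_time):
    """Return an IODEF-Document (RFC 5070) string describing one reflector."""
    ET.register_namespace("", NS)
    q = lambda tag: "{%s}%s" % (NS, tag)
    doc = ET.Element(q("IODEF-Document"), {"version": "1.00", "lang": "en"})
    inc = ET.SubElement(doc, q("Incident"), {"purpose": "reporting"})
    ET.SubElement(inc, q("IncidentID"), {"name": reporter}).text = incident_id
    ET.SubElement(inc, q("StartTime")).text = info["first"]
    ET.SubElement(inc, q("EndTime")).text = info["last"]
    ET.SubElement(inc, q("ReportTime")).text = report_time
    ET.SubElement(inc, q("Description")).text = "DDoS reflector; %d bytes seen" % info["bytes"]
    ET.SubElement(ET.SubElement(inc, q("Assessment")), q("Impact"), {"type": "dos"})
    contact = ET.SubElement(inc, q("Contact"), {"role": "creator", "type": "organization"})
    ET.SubElement(contact, q("ContactName")).text = reporter
    ET.SubElement(contact, q("Email")).text = reporter_email
    flow = ET.SubElement(ET.SubElement(inc, q("EventData")), q("Flow"))
    system = ET.SubElement(flow, q("System"), {"category": "intermediate"})
    node = ET.SubElement(system, q("Node"))
    ET.SubElement(node, q("Address"), {"category": "ipv4-addr"}).text = ip
    for port in sorted(info["ports"]):
        svc = ET.SubElement(system, q("Service"), {"ip_protocol": "17"})  # 17 = UDP
        ET.SubElement(svc, q("Port")).text = str(port)
    return ET.tostring(doc, encoding="unicode")

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(build_iodef(ip, info, "example.net", "noc@example.net", "r-0001", "2014-11-08T02:20:00Z"))
```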