[175921] in North American Network Operators' Group
Re: Reporting DDOS reflection attacks
daemon@ATHENA.MIT.EDU (Miles Fidelman)
Sat Nov 8 08:50:28 2014
X-Original-To: nanog@nanog.org
Date: Sat, 08 Nov 2014 08:50:15 -0500
From: Miles Fidelman <mfidelman@meetinghouse.net>
CC: nanog@nanog.org
In-Reply-To: <CACrsH-553kDSuKYnte=apYh8Sw4EGj3rh3+0dtJrA18SW0ijkw@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org

I can offer an indirect story, and not quite a reflection attack, but a
DDoS one.

We happen to have a host that had an IPMI board exposed to the net, that
got compromised, and became a vector for a DDoS attack. The target
reported the attack to at least some of the sources, including
Windstream/Hosted Solutions, where this particular server is located.
They contacted me, and I dealt with things with about a 1-hour
turn-around from when a trouble ticket hit my inbox (well, still dealing
with things - that IPMI card is offline until I get around to securing
it, and it's the occasional reboot-by-phone-call until then). So at
least one small success.

Miles Fidelman

McDonald Richards wrote:
> Out of curiosity, have any of you had luck reporting the sources of attacks
> to the admins of the origin ASNs?
>
> Any failure or success stories you can share?
>
> Macca
>
>
> On Sat, Nov 8, 2014 at 6:20 PM, Paul Bennett <paul.w.bennett@gmail.com>
> wrote:
>
>> On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobbins@arbor.net> wrote:
>>> On 8 Nov 2014, at 1:56, srn.nanog@prgmr.com wrote:
>>>
>>>> But right now how should we be doing it?
>>> <http://www.team-cymru.org/Services/ip-to-asn.html>
>> Once you get the ASN or at least the domain name of the ISP providing
>> service to the reflecting host, several major reputable ISPs
>> (including my employer, who I can't name because I'm not an official
>> spokesperson) will welcome RFC 5070 "IODEF" reports for general
>> network abuse and RFC 5965 "MARF" format for email abuse, directed to
>> abuse@ the main domain for that ISP.
>>
>> http://www.ietf.org/rfc/rfc5070.txt
>>
>> http://www.ietf.org/rfc/rfc5965.txt
>>
>>
>>
>> --
>> Paul W Bennett
>>
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
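
Added example, not part of the original thread or written by any of its participants: a sketch of the reporting workflow discussed above, which groups offending source IPs by origin ASN from a bulk IP-to-ASN reply and builds one simplified RFC 5070 IODEF document per ASN for that network's abuse@ mailbox. The sample reply, IPs, ASNs, reporter name and function names are constructed assumptions, and the XML is a minimal subset of IODEF that is not schema-validated here.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = "urn:ietf:params:xml:ns:iodef-1.0"

# Constructed sample in the "AS | IP | AS Name" layout of a bulk IP-to-ASN
# reply; documentation IPs (RFC 5737) and ASNs (RFC 5398), not real data.
SAMPLE_REPLY = """\
Bulk mode; whois.cymru.com [2014-11-08 13:50:15 +0000]
64496   | 192.0.2.10       | EXAMPLE-NET-A
64496   | 192.0.2.77       | EXAMPLE-NET-A
64511   | 198.51.100.5     | EXAMPLE-NET-B
NA      | 203.0.113.9      | NA
"""

def group_by_asn(reply):
    """Map origin ASN -> (AS name, [IPs]); skip banner and unrouted ('NA') rows."""
    groups = defaultdict(lambda: ["", []])
    for line in reply.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 3 or not fields[0].isdigit():
            continue
        asn, ip, name = fields
        groups[int(asn)][0] = name
        groups[int(asn)][1].append(ip)
    return {asn: (name, ips) for asn, (name, ips) in groups.items()}

def iodef_report(incident_id, report_time, reporter, email, ips, victim, udp_port):
    """Build one simplified IODEF-Document listing the hosts seen in one ASN."""
    doc = ET.Element("IODEF-Document", {"version": "1.00", "lang": "en", "xmlns": NS})
    inc = ET.SubElement(doc, "Incident", {"purpose": "reporting"})
    ET.SubElement(inc, "IncidentID", {"name": reporter}).text = incident_id
    ET.SubElement(inc, "ReportTime").text = report_time
    assess = ET.SubElement(inc, "Assessment")
    ET.SubElement(assess, "Impact", {"type": "dos"})
    contact = ET.SubElement(inc, "Contact", {"role": "creator", "type": "organization"})
    ET.SubElement(contact, "Email").text = email
    flow = ET.SubElement(ET.SubElement(inc, "EventData"), "Flow")
    for category, addrs in (("source", ips), ("target", [victim])):
        for addr in addrs:
            system = ET.SubElement(flow, "System", {"category": category})
            node = ET.SubElement(system, "Node")
            ET.SubElement(node, "Address", {"category": "ipv4-addr"}).text = addr
            if category == "source":
                svc = ET.SubElement(system, "Service", {"ip_protocol": "17"})
                ET.SubElement(svc, "Port").text = str(udp_port)
    return ET.tostring(doc, encoding="unicode")
```

Sending one report per ASN keeps each abuse desk's copy limited to addresses in its own network; rows the lookup returns as `NA` have no routed origin to report to and are dropped.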