[39473] in North American Network Operators' Group
Re: DDoS attacks
daemon@ATHENA.MIT.EDU (Jon O .)
Thu Jul 12 01:37:42 2001
Date: Wed, 11 Jul 2001 22:36:59 -0700
From: "Jon O ." <jono@microshaft.org>
To: Roeland Meyer <rmeyer@mhsc.com>
Cc: "'Scott Francis'" <darkuncle@darkuncle.net>,
"Richard A. Steenbergen" <ras@e-gerbil.net>,
Ariel Biener <ariel@fireball.tau.ac.il>, nanog@merit.edu
Message-ID: <20010711223658.F15099@networkcommand.com>
Reply-To: "jono@networkcommand.com" <jono@microshaft.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="JBi0ZxuS5uaEhkUZ"
Content-Disposition: inline
In-Reply-To: <EA9368A5B1010140ADBF534E4D32C728025A05@condor.mhsc.com>; from rmeyer@mhsc.com on Wed, Jul 11, 2001 at 08:18:30PM -0700
Errors-To: owner-nanog-outgoing@merit.edu
--JBi0ZxuS5uaEhkUZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Ariel:
If you don't have these links already, they contain many resources for DDoS attack prevention and protection:
http://staff.washington.edu/dittrich/misc/ddos/
http://www.cisco.com/warp/public/707/22.html
http://www.denialinfo.com/
The only few things you can do on your end are:
TCP Intercept
Rate-limiting
Conacting your upstream ISP
Contacting ISP managing the sources of the attack
Other people might have more/other suggestions.
You initial email asked for AboveNet contact. Did you get some assistance and if so what was the resolution? This is very important for us to know so we can kind of keep track of cooperative ISPs and the ones that just ignore these problems.
Thanks,
Jon
--JBi0ZxuS5uaEhkUZ
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7TTd66nXMS6O+1XQRAn2eAJ9wohRnQNFa85jar2QCHYNoyw6GMgCfTmzs
RSdyIPD1/ey0g8yRobQPXaM=
=q+CV
-----END PGP SIGNATURE-----
--JBi0ZxuS5uaEhkUZ--
