[39474] in North American Network Operators' Group
Re: DDoS attacks
daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Thu Jul 12 01:47:03 2001
Message-Id: <4.3.2.7.2.20010712083927.00ac3100@max.att.net.il>
Date: Thu, 12 Jul 2001 08:43:29 +0200
To: "jono@networkcommand.com" <jono@microshaft.org>,
Roeland Meyer <rmeyer@mhsc.com>
From: Hank Nussbacher <hank@att.net.il>
Cc: "'Scott Francis'" <darkuncle@darkuncle.net>,
"Richard A. Steenbergen" <ras@e-gerbil.net>,
Ariel Biener <ariel@fireball.tau.ac.il>, nanog@merit.edu
In-Reply-To: <20010711223658.F15099@networkcommand.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
At 22:36 11/07/01 -0700, Jon O . wrote:
>Ariel:
>
>
>If you don't have these links already, they contain many resources for
>DDoS attack prevention and protection:
>http://staff.washington.edu/dittrich/misc/ddos/
>http://www.cisco.com/warp/public/707/22.html
>http://www.denialinfo.com/
>
>The only few things you can do on your end are:
> TCP Intercept
> Rate-limiting
> Conacting your upstream ISP
> Contacting ISP managing the sources of the attack
>
>Other people might have more/other suggestions.
>
>You initial email asked for AboveNet contact. Did you get some assistance
>and if so what was the resolution? This is very important for us to know
>so we can kind of keep track of cooperative ISPs and the ones that just
>ignore these problems.
And then what? Suppose you had a list of non-cooperative ISPs? What
then? Experience has shown that the ISPs that don't care, won't care no
matter what you say or do (those who follow FIRST know I have a lot to say
on this matter, but have been holding back to give those non-cooperative
ISPs time to make matters right - we are now on day 5 of a continuous
non-spoofed 20Mb/sec dDoS attack :-)). Convince me why a list of
non-cooperative ISPs is a thing that would help.
-Hank
>Thanks,
>Jon
