[47289] in North American Network Operators' Group
Re: Effective ways to deal with DDoS attacks?
daemon@ATHENA.MIT.EDU (Basil Kruglov)
Thu May 2 01:03:49 2002
Date: Wed, 1 May 2002 23:57:56 -0500
From: Basil Kruglov <basil@cifnet.com>
To: nanog@merit.edu
Message-ID: <20020502045756.GA25873@shell.cifnet.com>
Reply-To: nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.33.0205020439550.11583-100000@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, May 02, 2002 at 04:45:43AM +0000, Christopher L. Morrow wrote:
> On Wed, 1 May 2002, Wojtek Zlobicki wrote:
> >
> > Where are providers drawing the line ? Anyone have somewhat detailed
> > published policies as to what a provider can do in order to protect their
> > nework as a whole.
> > At what point (strength of the attack) does a customers netblock (assuming a
> > /24 for
> > example) get null routed by whichever party.
>
> Most providers likely have a policy similar to: "I can't sacrafice 1
> my network for 1 customer". So, if the attack is sufficient to degrade
> service on the ISP network most likely the customer under attack will get
> null routed.
Are you saying UUnet, assuming for a sec that I am a customer of UUnet (just
for the sake of the argument), UU will not null route my ircd if it
it gets attacked on regular basis, say *daily* ?
Furthermore you are going to consistently place filters on your routers,
take them out within the 24h (or whatever then-current policy of UUnet is)
and track attacks back to their sources within the boundaries of your
backbone on a daily basis? ;)
Will you do that for say a regular T1 customer or do I need more "commitment"
as sales droids like to put it, to even consider such a service ? ;)
> Hmm, perhaps FIRST customers should insist that their ISP have some 24/7
> security contact that can actually help in the case of an attack. Today
> there are very few that have this capability. I'd say from personal
> experience that the number is way too small, even in the 'large' ISP arena
> :(
>
> More pressure from customers for real security would be a good start.
sigh, tried and failed, miserably I might add.
-Basil
