[47292] in North American Network Operators' Group
Re: Effective ways to deal with DDoS attacks?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Thu May 2 01:18:36 2002
Date: Thu, 2 May 2002 05:15:06 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: <nanog@merit.edu>
In-Reply-To: <20020502045756.GA25873@shell.cifnet.com>
Message-ID: <Pine.GSO.4.33.0205020512540.11583-100000@rampart.argfrp.us.uu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 1 May 2002, Basil Kruglov wrote:
>
> On Thu, May 02, 2002 at 04:45:43AM +0000, Christopher L. Morrow wrote:
> > On Wed, 1 May 2002, Wojtek Zlobicki wrote:
> > >
> > > Where are providers drawing the line ? Anyone have somewhat detailed
> > > published policies as to what a provider can do in order to protect their
> > > nework as a whole.
> > > At what point (strength of the attack) does a customers netblock (assuming a
> > > /24 for
> > > example) get null routed by whichever party.
> >
> > Most providers likely have a policy similar to: "I can't sacrafice 1
> > my network for 1 customer". So, if the attack is sufficient to degrade
> > service on the ISP network most likely the customer under attack will get
> > null routed.
>
> Are you saying UUnet, assuming for a sec that I am a customer of UUnet (just
> for the sake of the argument), UU will not null route my ircd if it
> it gets attacked on regular basis, say *daily* ?
I did not say that.
>
> Furthermore you are going to consistently place filters on your routers,
> take them out within the 24h (or whatever then-current policy of UUnet is)
> and track attacks back to their sources within the boundaries of your
> backbone on a daily basis? ;)
>
uhm... sure, we do this now... or have you not been paying attention?
> Will you do that for say a regular T1 customer or do I need more "commitment"
> as sales droids like to put it, to even consider such a service ? ;)
>
read above.
> > Hmm, perhaps FIRST customers should insist that their ISP have some 24/7
> > security contact that can actually help in the case of an attack. Today
> > there are very few that have this capability. I'd say from personal
> > experience that the number is way too small, even in the 'large' ISP arena
> > :(
> >
> > More pressure from customers for real security would be a good start.
>
> sigh, tried and failed, miserably I might add.
>
Then become a UUNET customer cause we already do this... Perhaps other
providers with 24/7 security teams will pipe up to give potential
customers a heads-up on options other than UUNET? If you go with UUNET
please tell the sales driod I sent you cause then I get 50 bucks :) (my
only raise thanks to bernie)
