[54191] in North American Network Operators' Group

Re: Identifying DoS-attacked IP address(es)

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Mon Dec 16 17:12:59 2002

Date: Mon, 16 Dec 2002 22:12:15 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: James-lists <hackerwacker@cybermesa.com>
Cc: <nanog@nanog.org>
In-Reply-To: <018001c2a54e$15e95300$0200000a@jamesnew>
Errors-To: owner-nanog-outgoing@merit.edu



On Mon, 16 Dec 2002, James-lists wrote:

>
> I am wondering how much help backbone providers give in
> identifying sources of a DoS and deciding what ACLs or
> rate-limits need to be placed to bring a DoS under control,

I'm sure you can look in the archives of this list for messages from me
about this very thing... :) In short: "Every ISP should have 24/7 security
support for customers under attack." That support should include ACLs,
null routes, and tracking the attack to the ingress. Rarely do rate-limits do
any good in the case of DoS attacks... (this part is a debate for another
thread)

> for their downstream clients. (Assuming it is their
> downstream clients that are being DoS'ed).
> I realize this will vary from provider to provider, I am
> just seeking people's experiences with this issue.
>

It may vary, but there really should be an expected minimum standard.

> James Edwards
> jamesh@cybermesa.com
> At the Santa Fe Office: Internet at Cyber Mesa
> Store hours: 9-6 Monday through Friday
> Phone support 365 days till 10 pm via the Santa Fe office:
> 505-988-9200
>
>
>
>


