[54790] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Fri Jan 17 00:11:05 2003
Date: Fri, 17 Jan 2003 05:05:37 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: <Valdis.Kletnieks@vt.edu>
Cc: "Christopher L. Morrow" <chris@UU.NET>, <nanog@merit.edu>
In-Reply-To: <200301170500.h0H50Yxw012900@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, 17 Jan 2003 Valdis.Kletnieks@vt.edu wrote:
> On Fri, 17 Jan 2003 04:29:07 GMT, "Christopher L. Morrow" said:
> >
> > > How quickly is quickly? Often times as has been my recent experience
> > > (part of my motivation for posting this thread) the flood is over before
> > > one can get a human being on the phone.
> >
> > Once the call arrives and the problem is deduced it can be tracked in a
> > matter of minutes, like 6-10 at the fastest...
>
> Yes, but *YOUR* crew has a reputation for having a clue. I'm willing to
We appreciate the kind words :)
> bet that "once the call arrives" is a challenge for a lot of smaller ISPs
> that don't even *HAVE* a security team, and "the problem is deduced" is
> a challenge for the ones that have a team that don't have a clue.
>
This gets down to something I've harped on for a while now... if you drive
a car you must have a license and pass a test. If you run a network on the
internet you really should have 24/7 security clued person(s) available to
stop/track/mitigate security issues.
> We see a *LOT* of postings here "anybody know a clueful at XYZ, we've been
> DDoS'ed for 36 hours"....
Yup, and its a shame that that is the case :( Perhaps they should become
UUNET customers and then they can just call us? :) People move for cheap
bandwidth alot, I wonder how the value proposition works out when you are
down and paying SLA's to your customers due to a hosted dalnet server
getting attacked for 36 hours?
