[54791] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (hc)
Fri Jan 17 00:13:29 2003
Date: Fri, 17 Jan 2003 00:06:38 -0500
From: hc <haesu@towardex.com>
To: Valdis.Kletnieks@vt.edu
Cc: "Christopher L. Morrow" <chris@UU.NET>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
--------------090603060902070201060500
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
My previous experience with UUNET security team was excellent dealing
with DoS.
I am not here to point fingers, but my DoS-response experience with
various Tier-2/3 level ISP's was like talking to some K-12 teacher who
barely knows what internet is. It really takes hours to get thru and
reach a competent engineer on the phone. And that's the major
frustration of a LOT customers getting DoSed/DDoSed/DrDoSed off the
planet everyday.
-hc
Valdis.Kletnieks@vt.edu wrote:
>On Fri, 17 Jan 2003 04:29:07 GMT, "Christopher L. Morrow" said:
>
>
>>>How quickly is quickly? Often times as has been my recent experience
>>>(part of my motivation for posting this thread) the flood is over before
>>>one can get a human being on the phone.
>>>
>>>
>>Once the call arrives and the problem is deduced it can be tracked in a
>>matter of minutes, like 6-10 at the fastest...
>>
>>
>
>Yes, but *YOUR* crew has a reputation for having a clue. I'm willing to
>bet that "once the call arrives" is a challenge for a lot of smaller ISPs
>that don't even *HAVE* a security team, and "the problem is deduced" is
>a challenge for the ones that have a team that don't have a clue.
>
>We see a *LOT* of postings here "anybody know a clueful at XYZ, we've been
>DDoS'ed for 36 hours"....
>
>
--------------090603060902070201060500
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
My previous experience with UUNET security team was excellent dealing with
DoS.<br>
<br>
I am not here to point fingers, but my DoS-response experience with various
Tier-2/3 level ISP's was like talking to some K-12 teacher who barely knows
what internet is. It really takes hours to get thru and reach a competent
engineer on the phone. And that's the major frustration of a LOT customers
getting DoSed/DDoSed/DrDoSed off the planet everyday.<br>
<br>
-hc<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Valdis.Kletnieks@vt.edu">Valdis.Kletnieks@vt.edu</a> wrote:<br>
<blockquote type="cite"
cite="mid200301170500.h0H50Yxw012900@turing-police.cc.vt.edu">
<pre wrap="">On Fri, 17 Jan 2003 04:29:07 GMT, "Christopher L. Morrow" said:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">How quickly is quickly? Often times as has been my recent experience
(part of my motivation for posting this thread) the flood is over before
one can get a human being on the phone.
</pre>
</blockquote>
<pre wrap="">Once the call arrives and the problem is deduced it can be tracked in a
matter of minutes, like 6-10 at the fastest...
</pre>
</blockquote>
<pre wrap=""><!---->
Yes, but *YOUR* crew has a reputation for having a clue. I'm willing to
bet that "once the call arrives" is a challenge for a lot of smaller ISPs
that don't even *HAVE* a security team, and "the problem is deduced" is
a challenge for the ones that have a team that don't have a clue.
We see a *LOT* of postings here "anybody know a clueful at XYZ, we've been
DDoS'ed for 36 hours"....
</pre>
</blockquote>
<br>
<br>
</body>
</html>
--------------090603060902070201060500--
