[58289] in North American Network Operators' Group


Re: We have a firewall (was Re: Pakistan government orders ISP

daemon@ATHENA.MIT.EDU (Phil Rosenthal)
Tue May 6 20:04:28 2003

Date: Tue, 06 May 2003 20:02:35 -0400
From: Phil Rosenthal <pr@isprime.com>
To: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>,
	<nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.44.0305062347070.23019-100000@www.everquick.net>
Errors-To: owner-nanog-outgoing@merit.edu


On 5/6/03 7:51 PM, "E.B. Dreger" <eddy+public+spam@noc.everquick.net> wrote:

> 
> SD> Date: Tue, 6 May 2003 19:28:48 -0400 (EDT)
> SD> From: Sean Donelan
> 
> 
> SD> The Pakistan Telecommunications Company Ltd has acquired a
> SD> firewall to solve the DDOS situation impacting Internet
> SD> service in the country.  An unnamed security advisor asserted
> SD> the proper use of a firewall would control the DDOS attacks
> SD> and prevent hacking.
> 
> Now the DDoS melts the pipes _and_ the firewall.  I'd like to
> know if said "consultant" ever considered recommending the PTC
> contact their upstreams for help with backtrace/blocking.  Anyone
> with a modicum of clue (or Google access) should figure out that
> one...
> 
Not every upstream is as clueful as UUnet, and not every NOC employee is as
clueful as Chris and Brian at UUnet.

It has been my experience that most upstreams have no concept that they CAN
backtrace, and generally have no interest in helping you do it.  I'm not
mudslinging here, so I won't say who my experience is with, but a few
transitless/near transitless upstreams I've dealt with were most unhelpful,
either because they didn't know how to help, or worse, they did know how to
help and didn't care.

And, depending on the nature of the DDoS attack, perhaps it isn't related to
saturation, but rather to overloading router processors, or something else
that can effectively be filtered customer-side?

Our policy as of late has just been to make sure we have equipment on our
side fast enough to filter at wire speed, and get enough capacity to our
upstreams that it is significantly unlikely that anyone could generate
enough traffic to saturate it (in which case, we would have no choice but to
ask carriers to filter, and backtrace).

--Phil
ISPrime
> 
> Eddy
> --
> Brotsman & Dreger, Inc. - EverQuick Internet Division
> Bandwidth, consulting, e-commerce, hosting, and network building
> Phone: +1 (785) 865-5885 Lawrence and [inter]national
> Phone: +1 (316) 794-8922 Wichita
> 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
> From: A Trap <blacklist@brics.com>
> To: blacklist@brics.com
> Subject: Please ignore this portion of my mail signature.
> 
> These last few lines are a trap for address-harvesting spambots.
> Do NOT send mail to <blacklist@brics.com>, or you are likely to
> be blocked.
> 

