[71638] in North American Network Operators' Group


real-time DDoS help?

daemon@ATHENA.MIT.EDU (Charles Sprickman)
Sat Jun 19 22:06:34 2004

Date: Sat, 19 Jun 2004 22:04:36 -0400 (EDT)
From: Charles Sprickman <spork@inch.com>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


Howdy,

Is there any place where people with experience dealing with DDoS attacks
hang out?  I'm getting very little assistance from my upstream beyond
"call whomever is in charge of each IP attacking and make them stop", and
"even though we null route the destination IP being attacked, this traffic
will be billed".

I've got a nice snippet of flows, so I can mostly see where everything is
coming from, and it's obvious what the target is, but my
flow-stat/flow-report skills are pretty weak.

Oddly, in eight years of working for smallish ISPs I've never been hit
very hard, believe it or not.  Is the response from my upstream typical?
I was expecting a bit more cooperation rather than them seeing this as
an opportunity to bill me for lots of traffic.

Thanks,

Charles

--
Charles Sprickman
spork@inch.com

