[82801] in North American Network Operators' Group
Re: Provider-based DDoS Protection Services
daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Jul 29 03:28:52 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: Suresh Ramasubramanian <ops.lists@gmail.com>
Cc: John Neiberger <jneiberger@gmail.com>,
	"Fergie (Paul Ferguson)" <fergdawg@netzero.net>, nanog@nanog.org
Date: Fri, 29 Jul 2005 09:27:57 +0200
In-Reply-To: <bb0e440a050729001416ebf90e@mail.gmail.com> (Suresh
	Ramasubramanian's message of "Fri, 29 Jul 2005 12:44:56 +0530")
Errors-To: owner-nanog@merit.edu

* Suresh Ramasubramanian:
> On 29/07/05, Florian Weimer <fw@deneb.enyo.de> wrote:
>> 
>> Anyway, you should examine *why* you (or your customers) are attacked,
>> and address that.  Everything else is likely cost-effective.  Of
>> course, this might mean you have to do without some revenue if you
>> have customers that are DoS magnets for some reason.
>> 
>
> Not allowing your users to run eggdrop or other irc bots on the shells
> you give them, and generally not hosting irc stuff would definitely
> help there.

Definitely.  You should also help your customer to detect successful
break-ins.  Compromised machines are often used in very questionable
contexts and quickly become targets of DoS attacks as well (not your
average owned home computer, of course, it's more about multi-user
UNIX machines).