nanog mailing list archives

Re: DoS attacks, NSPs unresponsiveness (fwd)


From: Jeff Workman <jworkman () pimpworks org>
Date: Wed, 8 Nov 2000 02:02:11 -0500 (EST)


Stoned koala bears drooled eucalyptus spit in awe as John Payne exclaimed:


> On Tue, Nov 07, 2000 at 10:09:20PM -0500, Christopher L. Morrow wrote:
> > For the others on this list, if you are a UUNET customer you can call our
> > Security Department if you ever have any issues with security, DoS, fraud,
> > spam, or the like. If you are under DoS attack either one of my engineers
> > will stop and track the attack, or I will do it... it's what we get paid
> > to do. If you are NOT a UUNET customer you know that other ISPs (Tier 1s
> > at least) do NOT filter attack traffic, and they do NOT track attacks. The
> > ONLY exceptions to this are: Genuity, Global Crossing and at one time
> > Verio.

This is *entirely* untrue, and is a prime example of the shameless 
self-promotion that seems to be rampant on this list lately.  I do not
work for any of the above-mentioned Tier 1 providers and I know for a fact
that we have a level-1 security staff on duty 24/7 to handle such
incidents, and if they can't handle it, then they page somebody who
can.  There have been numerous occasions where I have spent all night on
the phone with a customer, working with them to find a solution that
thwarts a DoS attack while minimizing the negative effects on their
network and ours.
 
> The only exceptions that you know of perhaps.  As a former employee of
> AT&T Global Network Services (ibm.net), I know for a fact that AGNS responded
> promptly to any DoS reports called into our helpdesk, regardless of whether
> they were a paying customer, downstream of a customer or a peer.

*sigh* It's a shame, though, that they are less than responsive about
other forms of abuse, and even less responsive than that about fixing their
misconfigured SNMP monitoring software that tries to access routers that
do not belong to them.
 
> I would also like to know UUNET's policy for peers, as I have first-hand experience
> of other large ISPs whose helpdesks refused to take my phone call for assistance
> in tracking and blocking an ongoing attack because "you must be mistaken, the
> only way you would have a pipe into our network is if you are a customer".

This seems to be the case more often than not, and it explains why a lot
of network/security engineers won't even bother attempting to trace a DoS
attack to their borders, because they know that they're wasting their
time.  Sure, they can tell the customer that it's originating from ASXXX
or network XXX but if ASXXX or network XXX won't listen to you, what good
does it do?
 
Jeff
Representing only myself, as my employer has an advertising department to
promote them in the appropriate venues.
-- 
"For competitive reasons we can't tell you the location of our fiber."
        -- An anonymous representative of a very large telco
"For competitive reasons we can't tell you the location of our backhoe."
        -- An anonymous representative of a contractor.



