nanog mailing list archives
Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Wed, 7 May 2003 03:42:57 +0000 (GMT)
On Tue, 6 May 2003, Scott Granados wrote:
Unless you actually call UUnet and your not a customer, God help you then.
The problem is that ALL isp's (large ones atleast) are setup to handle direct customers only. They expect downstreams of downstreams to call the downstream first :( There is authentication information setup and ready to figure out that Scott from Internap is in fact Scott from Internap and not Scott from wworks :( This impedes the process for some situations, like attacks. It also protects the direct customer and the customer's customer from social engineering attacks.
Some companies are very very good at dealing with DDOS, Internap being one and UUNET if you are a customer another. Even a post here although maybe not exactly proper will get you responses from people like Chris and so on who can and will be helpful.
There are other ways to get in touch with me or brian or with other ISP's. In the last few months some outside folks have started getting together some cross provider contact methods. These are making contact much easier for things of this sort. Apparently the Gov't gotten onto the tip that there is little if any interprovider communications :( (Atleast for security) So, the long and the short of it is things are getting better...
----- Original Message ----- From: "Phil Rosenthal" <pr () isprime com> To: "E.B. Dreger" <eddy+public+spam () noc everquick net>; <nanog () merit edu> Sent: Tuesday, May 06, 2003 5:02 PM Subject: Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement)On 5/6/03 7:51 PM, "E.B. Dreger" <eddy+public+spam () noc everquick net>wrote:SD> Date: Tue, 6 May 2003 19:28:48 -0400 (EDT) SD> From: Sean Donelan SD> The Pakistan Telecommunications Company Ltd has aquired a SD> firewall to solve the DDOS situation impacting Internet SD> service in the country. An unnamed security advisor asserted SD> the proper use of a firewall would control the DDOS attacks SD> and prevent hacking. Now the DDoS melts the pipes _and_ the firewall. I'd like to know if said "consultant" ever considered recommending the PTC contact their upstreams for help with backtrace/blocking. Anyone with a modicum of clue (or Google access) should figure out that one...Not every upstream is as clueful as Uunet, and not every noc employee isasclueful as Chris and Brian at UUnet. It has been my experience that most upstreams have no concept that theyCANbacktrace, and generally have no interest in helping you do it. I'm not mudslinging here, so I won't say who my experience is with, but a few transitless/near transitless upstreams I've dealt with were mostunhelpful,either because they didn't know how to help, or worse, they did know howtohelp and didn't care. And, depending on the nature of the DDoS attack, perhaps it isn't relatedtosaturation, but rather to overloading router processors, or something else that can effectively be filtered customer-side? Our policy as of late has just been to make sure we have equipment on our side fast enough to filter at wire speed, and get enough capacity to our upstreams that it is signifigantly unlikely that anyone could generate enough traffic to saturate it (in which case, we would have no choice buttoask carriers to filter, and backtrace). --Phil ISPrimeEddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Mon, 21 May 2001 11:23:58 +0000 (GMT) From: A Trap <blacklist () brics com> To: blacklist () brics com Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to <blacklist () brics com>, or you are likely to be blocked.
Current thread:
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement), (continued)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Rob Thomas (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Scott Granados (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Christopher L. Morrow (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Scott Granados (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Tim Wilde (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Christopher L. Morrow (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Scott Granados (May 07)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Leo Bicknell (May 07)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Christopher L. Morrow (May 07)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Stephen J. Wilcox (May 07)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) Christopher L. Morrow (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement) David Barak (May 07)
- NOC responses when advised of ongoing DoS attacks (Was Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement)) Niels Bakker (May 07)
- Re: NOC responses when advised of ongoing DoS attacks (Was Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement)) Christopher L. Morrow (May 07)
- Re: NOC responses when advised of ongoing DoS attacks (Was Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement)) David Barak (May 07)
- Re: We have a firewall (was Re: Pakistan government orders ISP service level agreement) Christopher L. Morrow (May 06)
- Re: We have a firewall (was Re: Pakistan government orders ISP service level agreement) Stephen J. Wilcox (May 07)
- Re: We have a firewall (was Re: Pakistan government orders ISP service level agreement) Rob Pickering (May 07)
- Re: Pakistan government orders ISP service level agreement Daniel Senie (May 05)
- Re: Pakistan government orders ISP service level agreement Vijay Gill (May 05)