nanog mailing list archives
Re: Compromised Hosts?
From: Mike Tancsa <mike () sentex net>
Date: Sun, 21 Mar 2004 22:07:56 -0500
At 07:26 PM 21/03/2004, Deepak Jain wrote:
Nanogers -Would any broadband providers that received automated, detailed (time/date stamp, IP information) with hosts that are being used to attack (say as part of a DDOS attack) actually do anything about it?
From my experiences, some are much better than others. The main thing I think is to make it as clear and as easy to for the provider to act on the issue. So include things like, source IP,port, dest IP,port, time stamps in GMT. Note that the time is actually accurate--i.e. your clocks are NTP sync'd and make that clear in the report.
Would the letter have to include information like "x.x.x.x/32 has been blackholed until further notice or contact with you" to be effective?
No.---Mike
Current thread:
- Compromised Hosts? Deepak Jain (Mar 21)
- Re: Compromised Hosts? Dan Hollis (Mar 21)
- Re: Compromised Hosts? Paul Vixie (Mar 21)
- Re: Compromised Hosts? Mike Tancsa (Mar 21)
- Re: Compromised Hosts? Richard Cox (Mar 22)
- <Possible follow-ups>
- RE: Compromised Hosts? Dan Ellis (Mar 21)
- RE: Compromised Hosts? Ejay Hire (Mar 22)
- Re: Compromised Hosts? Richard A Steenbergen (Mar 22)
- RE: Compromised Hosts? Ejay Hire (Mar 22)