nanog mailing list archives

Re: Request for contact and procedure information


From: Seth Mattinen <sethm () rollernet us>
Date: Thu, 09 Jul 2009 23:27:55 -0700

Jeffrey Lyon wrote:
All,

There are few if any ISPs that will help you with something like this.
Law enforcement also does not have the resources to even begin to look
at a single DSL line being attacked unless you can show 7+ figures in
damage or some type of major threat to national infrastructure.

Your options are basically as follows:

1) Use csf. If properly tuned this should be sufficient to filter
minor attacks.
2) Invest in a decent firewall like a Juniper Netscreen and set
session limits. This won't stop an attack but it will limit the amount
of traffic you have to filter locally.
3) Ask SBC to null route the IP completely
4) Invest in an actual protection service.


Last time I had to deal with a DDoS coming over a Sprint circuit
(multilink T1) they transferred me to someone in security and they
started null routing things. Initially they were treating it as trouble
because the BGP session kept resetting, but once we all figured out it
was a DDoS the resolution was quick and painless. Maybe my experience is
abnormal? I don't know.

~Seth

