nanog mailing list archives
Re: abuse reporting tools
From: Ken Chase <math () sizone org>
Date: Tue, 18 Nov 2014 21:43:59 -0500
Just wait for GigE-everywhere. I am almost sure that these new Gig-to-the-toaster residential installs have very little rate filtering (or abuse response); let's hope that oversubscription solves the issue handily as it has traditionally. /kc On Tue, Nov 18, 2014 at 08:19:01PM -0600, Rafael Possamai said: >Some folks might disagree with this, but if it's an important service that >I have running on a network, I will block a series of garbage AS's (closer >to /8 the better) at the firewall (not at the edge) and that reduces the >headaches by 50%. This isn't practical at the edge, but for system >administration is the only way I have found to minimize the problem. A lot >of times the owners of these IPs don't really care and won't take action. >For example, the amount of garbage that comes out of FDC Servers in Chicago >at times and not much is done. > >On Tue, Nov 18, 2014 at 6:58 PM, Mike <mike-nanog () tiedyenetworks com> wrote: > >> Hello, >> >> I provide broadband connectivity to mostly residential users. Over the >> past few years, instances of DDoS against the network - specfically >> targeting end users - has been on the rise, and today I can qualify many >> of these as simple acts of revenge where someone will engage a dos >> (possibly, services like 'booters' or similar) because they lost an >> online game or had some interactive in a forum they didn't like. I have >> good 'consumer broadband' filtering rules in place which make sense and >> protect against quite a lot of obviously ddos oriented traffic streams. >> The next step I want to engage, for those types of traffic which I can >> positively identify as not spoofed, is to send out abuse reports to >> owners of ip ranges used to launch these attacks. Ideally I'd like to be >> able to write up some form letter describing the attack, the source >> ip(s) of note, some disassembled sample packets, and then feed a list of >> IP source addresses and have it mail it out to the abuse contact at each >> source network. I am wondering if anyone has a pointer or reference to >> any tools which might help facillitate this? >> >> Thank you. >> >> Mike- >> -- Ken Chase - math () sizone org
Current thread:
- abuse reporting tools Mike (Nov 18)
- Re: abuse reporting tools Michael Brown (Nov 18)
- Re: abuse reporting tools Robert Drake (Nov 18)
- Re: abuse reporting tools Jimmy Hess (Nov 21)
- RE: abuse reporting tools Drew Weaver (Nov 25)
- Re: abuse reporting tools Robert Drake (Nov 18)
- Re: abuse reporting tools Michael Brown (Nov 18)
- Re: abuse reporting tools Rafael Possamai (Nov 18)
- Re: abuse reporting tools Ken Chase (Nov 18)
- Re: abuse reporting tools John Kristoff (Nov 19)
- Re: abuse reporting tools Paul Bennett (Nov 19)
- Re: abuse reporting tools Paul Bennett (Nov 19)
- Re: abuse reporting tools Franck Martin (Nov 19)
- Re: abuse reporting tools Paul Bennett (Nov 20)
- Re: abuse reporting tools Paul Bennett (Nov 25)
- Re: abuse reporting tools Paul Bennett (Nov 19)