nanog mailing list archives
Re: abuse reporting tools
From: John Kristoff <jtk () cymru com>
Date: Wed, 19 Nov 2014 11:14:19 -0600
On Tue, 18 Nov 2014 16:58:24 -0800 Mike <mike-nanog () tiedyenetworks com> wrote:
I provide broadband connectivity to mostly residential users. Over the past few years, instances of DDoS against the network - specfically targeting end users - has been on the rise, and today I can qualify many of these as simple acts of revenge where someone will engage a dos (possibly, services like 'booters' or similar) because they lost an online game or had some interactive in a forum they didn't like.
Hi Mike, I certainly sympathize with you about dealing with this sort of activity. Since you seem to be willing to invest some effort into mitigating it, what would also be interesting is to compile a summary of this activity that you're seeing. Answering questions such as how often does it happen, the duration when it does, what games are most commonly associated with the attacks you're seeing, what are the attack characteristics and so on. Having good insight into these attacks in formulating responses or going off and performing their own research to get closer to the who, why and how so they can be mitigated in other ways too. If you ever attend a NANOG, a presentation about your experiences might be welcome, it would very likely be in the security track, which I sometimes help moderate if you want to consider it.
I have good 'consumer broadband' filtering rules in place which make sense and protect against quite a lot of obviously ddos oriented traffic streams.
Do you ever find that the attacks overwhelm your network or are they usually just big enough to disrupt your downstream customer?
I am wondering if anyone has a pointer or reference to any tools which might help facillitate this?
I can point you to some tools and references I'm aware of, but I can't talk about how effectively they are operationally or whether or not you should abide by or use them. AbuseHelper <http://abusehelper.be/> IETF RFC 5965 An Extensible Format for Email Feedback Reports <https://tools.ietf.org/html/rfc5965> IETF RFC 6650 Creation and Use of Email Feedback Reports <https://tools.ietf.org/html/rfc6650> Network Abuse Reporting 2.0 <http://www.x-arf.org/> Net::Abuse::Utils <http://search.cpan.org/~mikegrb/Net-Abuse-Utils/> John
Current thread:
- abuse reporting tools Mike (Nov 18)
- Re: abuse reporting tools Michael Brown (Nov 18)
- Re: abuse reporting tools Robert Drake (Nov 18)
- Re: abuse reporting tools Jimmy Hess (Nov 21)
- RE: abuse reporting tools Drew Weaver (Nov 25)
- Re: abuse reporting tools Robert Drake (Nov 18)
- Re: abuse reporting tools Michael Brown (Nov 18)
- Re: abuse reporting tools Rafael Possamai (Nov 18)
- Re: abuse reporting tools Ken Chase (Nov 18)
- Re: abuse reporting tools John Kristoff (Nov 19)
- Re: abuse reporting tools Paul Bennett (Nov 19)
- Re: abuse reporting tools Paul Bennett (Nov 19)
- Re: abuse reporting tools Franck Martin (Nov 19)
- Re: abuse reporting tools Paul Bennett (Nov 20)
- Re: abuse reporting tools Paul Bennett (Nov 25)
- Re: abuse reporting tools Paul Bennett (Nov 19)