Re: DoS attack... what to do?

[Alvin Oga <alvin.sec () Virtual Linux-Consulting com>]

hi ya

> Actually, many ISPs are not terribly happy to "work with you", as "their
> time" is a resource just as much as their bandwidth is, and this often
> requires the attention of the most senior people. Customers who repeatedly
> get DoS'd often find themselves invited to take their business elsewhere.

in those cases, you'd probably want to work with an isp that will
work with you to minimize "useless traffic" in their own precious networks
        - you're paying good $$$ for a data-pipe they're no longer providing

servers will get DDoS, randomly or purposely... 

when the DDoS attacks takes up "resources" that costs more than $15K(?),
you can get the FBI involved ... at which point, if the isp is not cooperative,
they'd become even more unhappy about their precious time and resources
and have no choice in the matter to ignore your requests to get things cleaned up

it'd be ideal if you're being even partially attacked from cracked/broken
gov't servers, as they are very very sensitive about unauthorized use of 
their servers ( from what we've seen so far )

> > Now the question is: Who did you piss off?
>
> Same thing I asked him :-)

or what domains are you running to get all this attention

c ya
alvin