Re: DoS attacks, NSPs unresponsiveness (fwd)

[John Payne <john () sackheads org>]

On Tue, Nov 07, 2000 at 10:09:20PM -0500, Christopher L. Morrow wrote:
> For the others on this list, if you are a UUNET customer you can call our
> Security Department if you ever have any issues with security, DoS, fraud,
> spam, or the like. If you are under DoS attack either one of my engineers
> will stop and track the attack, or I will do it... it's what we get paid
> to do. If you are NOT a UUNET customer you know that other ISP's (Tier 1's
> atleast) do NOT filter attack traffic, and they do NOT track attacks. The
> ONLY exceptions to this are: Genuity, Global Crossing and at one time
> Verio.

The only exceptions that you know of perhaps.  As a former employee of 
AT&T Global Network Services (ibm.net), I know for a fact that AGNS responded
promptly to any DoS reports called into our helpdesk, regardless of whether
they were a paying customer, downstream of a customer or a peer.

I would also like to know UUNETs policy for peers, as I have first hand experience
of other large ISPs who's helpdesks refused to take my phone call for assistance
in tracking and blocking an on going attack because "you must be mistaken, the
only way you would have a pipe into our network is if you are a customer".

I do remember uunet.ca being very responsive on at least one occasion, but
its distressing to know that you've spent time and effort tracking an attack
across your network only to come up against a brick wall... and then know thta
you're going to have performance problems with that peer until the attack stops,
and yet that peer is not willing to even talk to you.

-- 
John Payne      http://www.sackheads.org/jpayne/    john () sackheads org
http://www.sackheads.org/uce/                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header