Re: DoS attacks, NSPs unresponsiveness (fwd)

["Christopher L. Morrow" <cmorrow () UU NET>]

On Tue, 7 Nov 2000, John Payne wrote:

> On Tue, Nov 07, 2000 at 10:09:20PM -0500, Christopher L. Morrow wrote:
> > For the others on this list, if you are a UUNET customer you can call our
> > Security Department if you ever have any issues with security, DoS, fraud,
> > spam, or the like. If you are under DoS attack either one of my engineers
> > will stop and track the attack, or I will do it... it's what we get paid
> > to do. If you are NOT a UUNET customer you know that other ISP's (Tier 1's
> > atleast) do NOT filter attack traffic, and they do NOT track attacks. The
> > ONLY exceptions to this are: Genuity, Global Crossing and at one time
> > Verio.
>
> The only exceptions that you know of perhaps.  As a former employee of 
> AT&T Global Network Services (ibm.net), I know for a fact that AGNS responded
> promptly to any DoS reports called into our helpdesk, regardless of whether
> they were a paying customer, downstream of a customer or a peer.

Yes, I re-read this paragraph and what I meant was 'in my experience the
only people who track attacks are...'. I'd also forgotten tracking atleast
one attack with 2 folks from Above.Net... so they didn't make my original
list.

> I would also like to know UUNETs policy for peers, as I have first hand experience
> of other large ISPs who's helpdesks refused to take my phone call for assistance
> in tracking and blocking an on going attack because "you must be mistaken, the
> only way you would have a pipe into our network is if you are a customer".

Our policy is to track attacks that peers bring to us also... just follow
the procedures I outlined in the initial message (call 1-800-900-0241
option 2,3,1 and ask for a Router Engineer)... We'll happily track the
attack for you. :)

> I do remember uunet.ca being very responsive on at least one occasion, but
> its distressing to know that you've spent time and effort tracking an attack
> across your network only to come up against a brick wall... and then know thta
> you're going to have performance problems with that peer until the attack stops,
> and yet that peer is not willing to even talk to you.

Yes, this is quite distressing... my favorite answer is (after pouring
over the networks www.xyz.net website trying to find a single number to
call to TRY and find their NOC...): "please email that issue into
NOC () xyz net"... if you are a peer and track something up to a connect with
UUNET call and we'll track it for you.

-Chris