nanog mailing list archives

Re: DoS attacks, NSPs unresponsiveness


From: Valdis.Kletnieks () vt edu
Date: Thu, 02 Nov 2000 16:10:17 -0500

On Thu, 02 Nov 2000 12:28:19 PST, Alexei Roudnev said:
> Just again - what about an attempt to create an ISP association which -
> - promise to do ingress filtering

It's already an IETF BCP, all clued ISPs should be doing it already - the
problem is the *unclued* ISPs, which will neither do ingress/egress
filtering, nor join any ISP association.

Hint:  How many of those ISPs do we hear from on NANOG? ;)

> - promise to do active filtering

"active filtering" in what meaning?  You have to be careful here, to
avoid a DOS attack by triggering active filtering...

> - promise to investigate any case

Would "investigate" include the form letter I send out whenever I get
a complaint that one of our NTP servers is trying to hack through somebody's
firewall on ports 13, 37, and 123?

Our CIRT is just basically 5-6 people who do security on top of everything
else. We have to perform triage - in the last week, we got the disk drive
of a compromised system into an evidence bag within 3 hours or so of
our first notification there was a problem.  On the other hand, we most
certainly do *NOT* guarantee that level of response unless it's a very
high profile incident.  I'm sure the situation is similar at every
other site out there....

-- 
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

