Re: DDoS attacks

[Hank Nussbacher <hank () att net il>]

At 22:36 11/07/01 -0700, Jon O . wrote:
> Ariel:
>
>
> If you don't have these links already, they contain many resources for 
> DDoS attack prevention and protection:
> http://staff.washington.edu/dittrich/misc/ddos/
> http://www.cisco.com/warp/public/707/22.html
> http://www.denialinfo.com/
>
> The only few things you can do on your end are:
>         TCP Intercept
>         Rate-limiting
>         Conacting your upstream ISP
>         Contacting ISP managing the sources of the attack
>
> Other people might have more/other suggestions.
>
> You initial email asked for AboveNet contact. Did you get some assistance 
> and if so what was the resolution? This is very important for us to know 
> so we can kind of keep track of cooperative ISPs and the ones that just 
> ignore these problems.

And then what?  Suppose you had a list of non-cooperative ISPs?  What 
then?  Experience has shown that the ISPs that don't care, won't care no 
matter what you say or do (those who follow FIRST know I have a lot to say 
on this matter, but have been holding back to give those non-cooperative 
ISPs time to make matters right - we are now on day 5 of a continuous 
non-spoofed 20Mb/sec dDoS attack :-)).  Convince me why a list of 
non-cooperative ISPs is a thing that would help.

-Hank



> Thanks,
> Jon