Re: Identifying DoS-attacked IP address(es)

["Christopher L. Morrow" <chris () UU NET>]

On Mon, 16 Dec 2002, James-lists wrote:

> I am wondering how much help backbone providers give in
> identifying sources of a DoS and deciding what ACL's or
> rate-limits need to be placed to bring a DoS under control,

I'm sure you can look in the archives of this list for messages from me
about this very thing... :) In short: "Every ISP should have 24/7 security
support for customers under attack." That support should include, acls,
null routes, tracking the attack to the ingress. Rarely do rate-limits do
any good in the case of DoS attacks... (this part is a debate for another
thread)

> for their downstream clients. (Assuming it is their
> downstream clients that are being DoS'ed).
> I realize this will vary from provider to provider, I am
> just seeking peoples experiences with this issue.

it may vary, but there really should be an expected minimum standard.

> James Edwards
> jamesh () cybermesa com
> At the Santa Fe Office: Internet at Cyber Mesa
> Store hours: 9-6 Monday through Friday
> Phone support 365 days till 10 pm via the Santa Fe office:
> 505-988-9200