Re: Effective ways to deal with DDoS attacks?

[Basil Kruglov <basil () cifnet com>]

On Thu, May 02, 2002 at 04:45:43AM +0000, Christopher L. Morrow wrote:
> On Wed, 1 May 2002, Wojtek Zlobicki wrote:
> > Where are providers drawing the line ?  Anyone have somewhat detailed
> > published policies as to what a provider can do in order to protect their
> > nework as a whole.
> > At what point (strength of the attack) does a customers netblock (assuming a
> > /24 for
> > example) get null routed by whichever party.
>
> Most providers likely have a policy similar to: "I can't sacrafice 1
> my network for 1 customer". So, if the attack is sufficient to degrade
> service on the ISP network most likely the customer under attack will get
> null routed.

Are you saying UUnet, assuming for a sec that I am a customer of UUnet (just
for the sake of the argument), UU will not null route my ircd if it
it gets attacked on regular basis, say *daily* ?

Furthermore you are going to consistently place filters on your routers,
take them out within the 24h (or whatever then-current policy of UUnet is)
and track attacks back to their sources within the boundaries of your 
backbone on a daily basis? ;)

Will you do that for say a regular T1 customer or do I need more "commitment" 
as sales droids like to put it, to even consider such a service ? ;)

> Hmm, perhaps FIRST customers should insist that their ISP have some 24/7
> security contact that can actually help in the case of an attack. Today
> there are very few that have this capability. I'd say from personal
> experience that the number is way too small, even in the 'large' ISP arena
> :(
>
> More pressure from customers for real security would be a good start.

sigh, tried and failed, miserably I might add.

-Basil