nanog mailing list archives

Re: Effective ways to deal with DDoS attacks?

From: "Christopher L. Morrow" <chris () UU NET>
Date: Thu, 2 May 2002 05:15:06 +0000 (GMT)



On Wed, 1 May 2002, Basil Kruglov wrote:


On Thu, May 02, 2002 at 04:45:43AM +0000, Christopher L. Morrow wrote:

On Wed, 1 May 2002, Wojtek Zlobicki wrote:


Where are providers drawing the line ?  Anyone have somewhat detailed
published policies as to what a provider can do in order to protect their
nework as a whole.
At what point (strength of the attack) does a customers netblock (assuming a
/24 for
example) get null routed by whichever party.


Most providers likely have a policy similar to: "I can't sacrafice 1
my network for 1 customer". So, if the attack is sufficient to degrade
service on the ISP network most likely the customer under attack will get
null routed.


Are you saying UUnet, assuming for a sec that I am a customer of UUnet (just
for the sake of the argument), UU will not null route my ircd if it
it gets attacked on regular basis, say *daily* ?


I did not say that.


Furthermore you are going to consistently place filters on your routers,
take them out within the 24h (or whatever then-current policy of UUnet is)
and track attacks back to their sources within the boundaries of your
backbone on a daily basis? ;)


uhm... sure, we do this now... or have you not been paying attention?

Will you do that for say a regular T1 customer or do I need more "commitment"
as sales droids like to put it, to even consider such a service ? ;)


read above.

Hmm, perhaps FIRST customers should insist that their ISP have some 24/7
security contact that can actually help in the case of an attack. Today
there are very few that have this capability. I'd say from personal
experience that the number is way too small, even in the 'large' ISP arena
:(

More pressure from customers for real security would be a good start.


sigh, tried and failed, miserably I might add.


Then become a UUNET customer cause we already do this... Perhaps other
providers with 24/7 security teams will pipe up to give potential
customers a heads-up on options other than UUNET? If you go with UUNET
please tell the sales driod I sent you cause then I get 50 bucks :) (my
only raise thanks to bernie)

Current thread:

Re: Effective ways to deal with DDoS attacks?, (continued)
- - - Re: Effective ways to deal with DDoS attacks? Pete Kruckenberg (May 06)
    - Re: Effective ways to deal with DDoS attacks? Ralph Doncaster (May 06)
    - Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 06)
    - Re: Effective ways to deal with DDoS attacks? Chris Adams (May 06)
- Re: Effective ways to deal with DDoS attacks? measl (May 01)
  - Re: Effective ways to deal with DDoS attacks? Wojtek Zlobicki (May 01)
    - Re: Effective ways to deal with DDoS attacks? dies (May 01)
    - Re: Effective ways to deal with DDoS attacks? Wojtek Zlobicki (May 01)
    - Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 01)
    - Re: Effective ways to deal with DDoS attacks? Basil Kruglov (May 01)
    - Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 01)
    - Message not available
    - Forget Bernie... blitz (May 02)
    - Re: Forget Bernie... Rachel K. Warren (May 02)
    - RE: Forget Bernie... Eric Germann (May 02)
    - Re: Effective ways to deal with DDoS attacks? Hank Nussbacher (May 02)
    - Re: Effective ways to deal with DDoS attacks? Leo Bicknell (May 01)
    - Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 01)
    - Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 01)
    - Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 01)
    - Re: Effective ways to deal with DDoS attacks? Richard A Steenbergen (May 01)
    - Re: Effective ways to deal with DDoS attacks? Christopher L. Morrow (May 01)

(Thread continues...)