nanog mailing list archives
What good is a noc team? How do you mitigate this? [was: How many backbones ...]
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 03 Dec 2004 01:20:36 +0200
Sorry your experience has been different, this is definitely one of those YMMV kinds of deals. That is a significant attack by most anyone's standards. Getting to the right security team usually ends up being the challenge. Once there however we have found many providers do a great job of dealing with attacks quickly. Use of BGP triggered blackholes can be a great help and going to the NOC/Abuse team with lots of good information from the start helps you get to the people that can pull the attack off quickly. You have to remember that, like all of us, larger service providers have their share of low clue factor customers. The quicker you can help them realize that you have a fairly high clue factor the quicker you'll get to folks on their side with a high clue factor. During times of outages, attacks, etc. it is easy to get agitated quickly and that often times doesn't help you get through the first couple of barrier noc techs.
Okay, making this an operational issue. Say you are attacked. Say it isn't even a botnet. Say a new worm is out and you are getting traffic from 19 different class A's.
Who do you call? What do you block? How can a noc team here help? "Please block any outgoing connections from your network to ours on port 25? Please?" I tried this once.. it doesn't help. I ended up blackholing an entire country just to mitigate it a bit, for a few hours.
Any practical suggestions?
Gadi.