nanog mailing list archives

Re: real-time DDoS help?

From: "Rubens Kuhl Jr." <rubens () email com>
Date: Sat, 19 Jun 2004 23:49:04 -0300

Is there any place where people with experience dealing with DDoS attacks
hang out?  I'm getting very little assistance from my upstream beyond
"call whomever is in charge of each IP attacking and make them stop", and
"even though we null route the destination IP being attacked, this traffic
will be billed".


It seems that you should look somewhere else for your next bandwidth
contract...

I've got a nice snippet of flows, so I can mostly see where everything is
coming from, and it's obvious what the target is, but my
flow-stat/flow-report skills are pretty weak.


Fake or real source IPs ? TCP SYNs, ICMPs, UDPs ?



Rubens

Current thread:

Re: real-time DDoS help?, (continued)
- - - Re: real-time DDoS help? Matthew McGehrin (Jun 22)
    - Re: real-time DDoS help? Bubba Parker (Jun 22)
    - Re: real-time DDoS help? Christian Malo (Jun 22)
    - Re: real-time DDoS help? Bubba Parker (Jun 22)
    - Re: real-time DDoS help? Tim Brown (Jun 22)
    - Re: to irc or not to irc Matthew McGehrin (Jun 22)
    - Re: real-time DDoS help? James (Jun 22)
    - Re: real-time DDoS help? Steve Gibbard (Jun 22)
    - Re: real-time DDoS help? Jonathan M. Slivko (Jun 22)
    - Re: real-time DDoS help? Charles Sprickman (Jun 22)
- Re: real-time DDoS help? Rubens Kuhl Jr. (Jun 19)
- Re: real-time DDoS help? Michael Loftis (Jun 19)
- Re: real-time DDoS help? Mike Lewinski (Jun 19)
- Re: real-time DDoS help? Charles Sprickman (Jun 20)
- Re: real-time DDoS help? Daniel Golding (Jun 22)