nanog mailing list archives

Re: Reporting DDOS reflection attacks

From: McDonald Richards <mcdonald.richards () gmail com>
Date: Sat, 8 Nov 2014 21:09:54 +1100

Out of curiosity, have any of you had luck reporting the sources of attacks
to the admins of the origin ASNs?

Any failure or success stories you can share?

Macca


On Sat, Nov 8, 2014 at 6:20 PM, Paul Bennett <paul.w.bennett () gmail com>
wrote:

On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobbins () arbor net> wrote:


On 8 Nov 2014, at 1:56, srn.nanog () prgmr com wrote:

But right now how should we be doing it?


<http://www.team-cymru.org/Services/ip-to-asn.html>


Once you get the ASN or at least the domain name of the ISP providing
service to the reflecting host, several major reputable ISPs
(including my employer, who I can't name because I'm not an official
spokesperson) will welcome RFC 5070 "IODEF" reports for general
network abuse and RFC 5965 "MARF" format for email abuse, directed to
abuse@ the main domain for that ISP.

http://www.ietf.org/rfc/rfc5070.txt

http://www.ietf.org/rfc/rfc5965.txt



--
Paul W Bennett

Current thread:

Reporting DDOS reflection attacks srn . nanog (Nov 07)
- Re: Reporting DDOS reflection attacks Roland Dobbins (Nov 07)
  - Re: Reporting DDOS reflection attacks Paul Bennett (Nov 07)
    - Re: Reporting DDOS reflection attacks McDonald Richards (Nov 08)
    - Re: Reporting DDOS reflection attacks Roland Dobbins (Nov 08)
    - Re: Reporting DDOS reflection attacks Miles Fidelman (Nov 08)
    - Re: Reporting DDOS reflection attacks srn . nanog (Nov 08)
- Re: Reporting DDOS reflection attacks Ruairi Carroll (Nov 08)
  - Re: Reporting DDOS reflection attacks srn . nanog (Nov 08)
- Re: Reporting DDOS reflection attacks Damian Menscher (Nov 08)
  - Re: Reporting DDOS reflection attacks Brian Rak (Nov 09)
    - Re: Reporting DDOS reflection attacks srn . nanog (Nov 09)
- RE: Reporting DDOS reflection attacks Frank Bulk (Nov 08)
  - Re: Reporting DDOS reflection attacks Yardiel D. Fuentes (Nov 08)

(Thread continues...)