North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What do we do with clueless ISPs

  • From: Jon Lewis
  • Date: Sun Mar 22 16:40:40 1998

On Sun, 22 Mar 1998, Joe  Shaw wrote:

> informed.  UUNet took an hour to get a security person on the phone who
> then told me that there was nothing they could do, period.  

If you call UUNet after hours, they have to page someone from security.
Depending on which grunt answers the phone, you may have to remind them
several times that you're experiencing a Dennial of Service ATTACK, and
that they NEED to page the on-call security person.  Some of their first
level people are good, but some seem like they were just pulled in off the
street and handed a phone.

> down?  I told the people at UUNet that we were under smurf attack, and
> then I had to go through a 10 minute explanation of what a smurf attack
> was and what it was doing.  I would expect a worldwide NSP to keep up with

It's even funnier when you explain to the first level person that a host
on your network is being smurfed, and they act as if they know exactly
what you're talking about.  Then they ask "Can you give me the address the
attack is coming from?"  Then they admit they have no idea what smurf is.

Lately, UUNet's been very slow to track smurf attacks, claiming they can't
use DoStracker because it "does bad things to [their] routers".  Having
never used it myself, I have no idea if this is true or just a line.

The best you can hope for is to get a security person on the phone and
have them put in a temporary filter.

 Jon Lewis <[email protected]>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
______ for PGP public key____