North American Network Operators Group


Re: DoS attacks, NSPs unresponsiveness

  • From: Ariel Biener
  • Date: Wed Nov 01 23:55:53 2000

On Wed, 1 Nov 2000, John Fraizer wrote:

> While I agree that it is unprofessional for your contact at a provider to
> ignore or be disrespectful of you regarding a DoS against an IRC server,
> it is just a fact of life that attacks against commercial entities will be
> treated with much higher priority than attacks against a non-revenue
> producing "service." Quite frankly, the pizza man comes in WAY above an
> IRC server in my book.

That is not true, since the attacks take down the whole ISP, and this is a
commercial damage to the said ISP, which is counted in $$.

> Quite frankly, unless the source of the attack lives on their network,
> they bear no responsibility, period, the end. They're providing
> transit. It's 1's and 0's with no discrimination.

Yes, but it seems others (AT&T for example) do not take the above point of
view, and actually do provide a real service, and help track attackers
that use their network. Even without filtering, backtracing an attack to
its source, with responsive abuse teams, can take about 10 hours,
counting all the networking entities in the path of the attack. If said
NSP would have been responsive, they'd see where the attack is coming
from, and either contact the next in-line network entity on the path of the
attack, or at least supply the details to the attacked ISP.

> RFC1918 specifically addresses filtering routing information. Not spoofed
> addresses. It states "routing information about private networks shall
> not be propagated on inter-enterprise links, and packets with private
> source or destination addresses should not be forwarded across such
> links." Notice the placement of "shall" and "should."

Yes. But while it says should, it's obviously a good idea to
implement. About spoofing, Cisco (and others) have simple cook book
solutions of a few lines on your router's conf, that stop that. It just
takes some selfless acts, and caring about others, to do that when you
configure your own edge routers, being a good Netizen.

> Now, in specific response to your question about eliminating electronic
> terrorism, it is doubtful. Doubtful that you'll ever: #1 spread enough
> clue around. #2 get everyone to cooperate.

Well, about #2, that is what I am hoping to achieve. Even if not EVERYONE
will cooperate, then enough to have the big players in the game, to get
something going. Otherwise, what you're saying, YES, terrorism is here to
stay, BUT, we don't give a damn. Now, judging at what you see in the world
today, while not ALL countries cooperate on terrorism issues (real life
terror - bombs and stuff), there are a large number of countries that do,
and this helps make it much harder on extremists to compromise your
security. I guess you do like not having to look behind your shoulder when
you go to work, right ?  :)


--Ariel

> 
> 
> ---
> John Fraizer
> EnterZone, Inc
> 
> 
> 

--
Ariel Biener
e-mail: [email protected]           Work phone: 03-6406086
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
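
The edge-router filtering discussed in the message above (dropping spoofed sources and keeping RFC 1918 addresses off inter-enterprise links), sketched as Cisco IOS configuration. This is an added example, not part of the original post or of any vendor document it refers to. The prefix 192.0.2.0/24 (standing in for the customer's assigned block), the interface names and the access-list names are assumptions.

```cisco
! Constructed example: 192.0.2.0/24, Serial0/0, Serial0/1 and the ACL names
! are placeholders chosen for illustration.
!
! Reverse-path checking depends on CEF being enabled.
ip cef
!
! Customer-facing link: accept only packets sourced from the prefix
! assigned to that customer, so spoofed sources are dropped at the edge.
ip access-list extended CUSTOMER-IN
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any log
!
interface Serial0/0
 description customer link (assumed name)
 ip access-group CUSTOMER-IN in
 ! Drop packets whose source is not reachable back through this interface.
 ip verify unicast reverse-path
!
! Inter-provider link: packets with RFC 1918 source or destination
! addresses are not forwarded in either direction.
ip access-list extended NO-RFC1918
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
interface Serial0/1
 description upstream link (assumed name)
 ip access-group NO-RFC1918 in
 ip access-group NO-RFC1918 out
```

The `log` keyword on the final deny of CUSTOMER-IN records dropped packets, which gives an abuse team a starting point when tracing an attack back toward its source.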