North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DoS attacks, NSPs unresponsiveness
On Thu, 02 Nov 2000 12:28:19 PST, Alexei Roudnev said: > Just again - what's about an attempt to creta e ISP association which - > - promise to do ingress filtering It's already an IETF BCP, all clued ISP's should be doing it already - the problem is the *unclued* ISPs, which will neither do ingress/egress filtering, nor join any ISP association.. Hint: How many of those ISPs do we hear from on NANOG? ;) > - promise to do active filtering "active filtering" in what meaning? You have to be careful here, to avoid a DOS attack by triggering active filtering... > - promise to investigate any case Would "investigate" include the form letter I send out whenever I get a complaint that one of our NTP servers is trying to hack through somebody's firewall on ports 13, 37, and 123? Our CIRT is just basically 5-6 people who do security on top of everything else. We have to perform triage - in the last week, we got the disk drive of a compromised system into an evidence bag within 3 hours or so of our first notification there was a problem. On the other hand, we most certainly do *NOT* guarantee that level of response unless it's a very high profile incident. I'm sure the situation is similar at every other site out there.... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech Attachment:
pgp00002.pgp
|