|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: DoS attacks, NSPs unresponsiveness (fwd)
Having seen Ariel's message today, and NOT seeing my original response to his post (sent to him directly, did you NOT get this email Ariel?). I've reposted this message.. my original response to Ariel and Rubens. As to the others today, Steve Sobol, you too are not a UUNET direct customer, BUT if you are under attack and your Upstream tracks this traffic to UUNET have them follow the procedures outlined below and I will track the attack. UUNET DOES pay 4 people (six actually) to do nothing but stop and track DoS attacks on its backbone... and we are quite good at it. --Chris ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-289-8479 (C)703-283-3734 ## ####################################################### ---------- Forwarded message ---------- Date: Thu, 2 Nov 2000 20:02:48 -0500 (EST) From: Christopher L. Morrow <[email protected]> To: Ariel Biener <[email protected]>, [email protected] Cc: [email protected], amos rosenboim <[email protected]> Subject: Re: DoS attacks, NSPs unresponsiveness Ariel and Rubens, I'd like to address your concerns about UUNET NOT getting involved when you networks (both downstreams of UUNET customers) are under attack. In both of your cases I have personally, on more than one occasion, contacted your upstream providers to inform them of proper contact procedures for Live Attacks. To clarify those procedures for the 10th time in a public forum, if you are under attack and your upstream is either UUNET, or it's a customer of UUNET have the DIRECT CUSTOMER of UUNET Call the UUNET Security/Fraud/Abuse Department and ask for a Rotuer Engineer. The phone number is: 1-800-900-0241 options 2,3,1 or for those that live outside the USA: 1-703-206-5440 options 2,3,1. If you no one calls there can be no action taken... in the case of Rubens, your upstream (Embratel, correct?) has been emailing attack notifications and null routing your addresses. They have been told by me personally (I spoke to an individual named 'Jorge' I believe) several times to call us so we can stop and track the attack. I have 4 engineers dedicated to dealing with DoS attacks on UUNET customers. We track several attacks per day and are available 24/7. I will not be held accountable for people's issues when they do NOT follow the appropriate contact procedures. If you would like to talk with me personally about this I invite you to call or email me directly as I'd be more than happy to clarify anything I've written in this message, my contact information is included for your convenience. For the others on this list, if you are a UUNET customer you can call our Security Department if you ever have any issues with security, DoS, fraud, spam, or the like. If you are under DoS attack either one of my engineers will stop and track the attack, or I will do it... it's what we get paid to do. If you are NOT a UUNET customer you know that other ISP's (Tier 1's atleast) do NOT filter attack traffic, and they do NOT track attacks. The ONLY exceptions to this are: Genuity, Global Crossing and at one time Verio. --Chris ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-289-8479 (C)703-283-3734 ## ####################################################### On Thu, 2 Nov 2000, Ariel Biener wrote: > > > > > Hi, > > > > This e-mail comes to describe a common problem among a large number of > ISPs, mostly foreign, when dealing with US network service providers. I > don't want to talk about anyone I don't know of, so I will limit this > initial e-mail to talking about UUnet. > > As most of you know, some ISPs run irc servers, and provide an IRC > service to the community. The service is free, and maintenance and cost of > networking/hardware/human hours is on the ISPs expense. > > Irc tends to be a volatile medium, like interpersonal relationships in > real life. Thus, many times arguements turn into heated disputes, and > sometimes, some people pick up arms, and attack. The attacks usually take > out whole ISPs for hours, or days. > > The problem is that when trying to get help from the upstream provider > (UUnet in this example), you either receive a negative answer, or you're > just ignored completely. Thus, by terrorism, people get what they want, > and hold you at a threat of force, without any ability to defend yourself. > > Smurfing, icmp attacks, udp attacks, tcp synflooding (spoofed > sources) are just a number of these weapons. The problem with alot of > networking entities, be it ISPs, enterprises, and such, is that they allow > spoofed packets to leave their network (i.e. do not check if the packets > originate from within their netblocks before letting them leave their > routers). > > The question is, how can we defend ourselves, and why do the large NSPs > turn a blind eye, and act as if it's not their concern ? > > Is there a chance that by helping one another, and by implementing > Internet RFCs corrctly (rfc 1918 for example), we can contribute to the > elimination of this kind of electronic terrorism ? > > Any chance a UUnet person might answer ? > > > best regards, > > --Ariel > > -- > Ariel Biener > e-mail: [email protected] Work phone: 03-6406086 > fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC > >
|