North American Network Operators Group

RE: DoS attacks, NSPs unresponsiveness (fwd)
this is pathetic. take it offline.

...you might also try a bit of professionalism.

- jsb

On Tue, 7 Nov 2000, Christopher L. Morrow wrote:

>
> Jim,
> I'm sure glad C&W is 24/7. Could you publish a phone number that at least
> other providers could use to get in touch with the proper security element
> in your org? I spent 4 hours today trying to get to an engineer who could
> help me track an attack through corerouter1.blookington.cw.net and got
> bounced through your NOC, your leased line crew, your contact at MCI
> (yeah, that was fun), your managed firewall services crew, two other
> engineers I had to explain what a Syn Attack was and finally got hung up
> on by someone who has yet to call me back...
>
> Perhaps you can call me to get this track finished? (Since it's still
> going strong at over 5kpps?)
>
> --Chris
>
> #######################################################
> ## UUNET Technologies, Inc.                          ##
> ## Manager                                           ##
> ## Customer Router Security Engineering Team         ##
> ## (W)703-289-8479 (C)703-283-3734                   ##
> #######################################################
>
> On Tue, 7 Nov 2000, Jim Farrar wrote:
>
> >
> > Christopher,
> >
> > I'm sure other providers will find your comments equally interesting.
> >
> > http://www.security.cw.net/
> >
> > 7x24 Naturally.
> >
> > /jim
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]On Behalf Of
> > Christopher L. Morrow
> > Sent: Tuesday, November 07, 2000 9:09 PM
> > To: [email protected]
> > Subject: Re: DoS attacks, NSPs unresponsiveness (fwd)
> >
> > Having seen Ariel's message today, and NOT seeing my original response
> > to his post (sent to him directly, did you NOT get this email Ariel?).
> > I've reposted this message.. my original response to Ariel and Rubens.
> >
> > As to the others today, Steve Sobol, you too are not a UUNET direct
> > customer, BUT if you are under attack and your Upstream tracks this
> > traffic to UUNET have them follow the procedures outlined below and I
> > will track the attack.
> >
> > UUNET DOES pay 4 people (six actually) to do nothing but stop and
> > track DoS attacks on its backbone... and we are quite good at it.
> >
> > --Chris
> >
> > #######################################################
> > ## UUNET Technologies, Inc.                          ##
> > ## Manager                                           ##
> > ## Customer Router Security Engineering Team         ##
> > ## (W)703-289-8479 (C)703-283-3734                   ##
> > #######################################################
> >
> > ---------- Forwarded message ----------
> > Date: Thu, 2 Nov 2000 20:02:48 -0500 (EST)
> > From: Christopher L. Morrow <[email protected]>
> > To: Ariel Biener <[email protected]>, [email protected]
> > Cc: [email protected], amos rosenboim <[email protected]>
> > Subject: Re: DoS attacks, NSPs unresponsiveness
> >
> > Ariel and Rubens,
> > I'd like to address your concerns about UUNET NOT getting involved
> > when your networks (both downstreams of UUNET customers) are under
> > attack.
> >
> > In both of your cases I have personally, on more than one occasion,
> > contacted your upstream providers to inform them of proper contact
> > procedures for Live Attacks. To clarify those procedures for the 10th
> > time in a public forum, if you are under attack and your upstream is
> > either UUNET, or it's a customer of UUNET have the DIRECT CUSTOMER of
> > UUNET Call the UUNET Security/Fraud/Abuse Department and ask for a
> > Router Engineer. The phone number is: 1-800-900-0241 options 2,3,1 or
> > for those that live outside the USA: 1-703-206-5440 options 2,3,1.
> >
> > If no one calls there can be no action taken... in the case of
> > Rubens, your upstream (Embratel, correct?) has been emailing attack
> > notifications and null routing your addresses. They have been told by
> > me personally (I spoke to an individual named 'Jorge' I believe)
> > several times to call us so we can stop and track the attack. I have
> > 4 engineers dedicated to dealing with DoS attacks on UUNET customers.
> > We track several attacks per day and are available 24/7.
> >
> > I will not be held accountable for people's issues when they do NOT
> > follow the appropriate contact procedures. If you would like to talk
> > with me personally about this I invite you to call or email me
> > directly as I'd be more than happy to clarify anything I've written
> > in this message, my contact information is included for your
> > convenience.
> >
> > For the others on this list, if you are a UUNET customer you can call
> > our Security Department if you ever have any issues with security,
> > DoS, fraud, spam, or the like. If you are under DoS attack either one
> > of my engineers will stop and track the attack, or I will do it...
> > it's what we get paid to do. If you are NOT a UUNET customer you know
> > that other ISP's (Tier 1's at least) do NOT filter attack traffic, and
> > they do NOT track attacks. The ONLY exceptions to this are: Genuity,
> > Global Crossing and at one time Verio.
> >
> > --Chris
> >
> > #######################################################
> > ## UUNET Technologies, Inc.                          ##
> > ## Manager                                           ##
> > ## Customer Router Security Engineering Team         ##
> > ## (W)703-289-8479 (C)703-283-3734                   ##
> > #######################################################
> >
> > On Thu, 2 Nov 2000, Ariel Biener wrote:
> >
> > >
> > > Hi,
> > >
> > > This e-mail comes to describe a common problem among a large number
> > > of ISPs, mostly foreign, when dealing with US network service
> > > providers. I don't want to talk about anyone I don't know of, so I
> > > will limit this initial e-mail to talking about UUnet.
> > >
> > > As most of you know, some ISPs run irc servers, and provide an IRC
> > > service to the community. The service is free, and maintenance and
> > > cost of networking/hardware/human hours is on the ISPs expense.
> > >
> > > Irc tends to be a volatile medium, like interpersonal relationships
> > > in real life. Thus, many times arguments turn into heated disputes,
> > > and sometimes, some people pick up arms, and attack. The attacks
> > > usually take out whole ISPs for hours, or days.
> > >
> > > The problem is that when trying to get help from the upstream
> > > provider (UUnet in this example), you either receive a negative
> > > answer, or you're just ignored completely. Thus, by terrorism,
> > > people get what they want, and hold you at a threat of force,
> > > without any ability to defend yourself.
> > >
> > > Smurfing, icmp attacks, udp attacks, tcp synflooding (spoofed
> > > sources) are just a number of these weapons. The problem with a lot
> > > of networking entities, be it ISPs, enterprises, and such, is that
> > > they allow spoofed packets to leave their network (i.e. do not
> > > check if the packets originate from within their netblocks before
> > > letting them leave their routers).
> > >
> > > The question is, how can we defend ourselves, and why do the large
> > > NSPs turn a blind eye, and act as if it's not their concern ?
> > >
> > > Is there a chance that by helping one another, and by implementing
> > > Internet RFCs correctly (rfc 1918 for example), we can contribute
> > > to the elimination of this kind of electronic terrorism ?
> > >
> > > Any chance a UUnet person might answer ?
> > >
> > > best regards,
> > >
> > > --Ariel
> > >
> > > --
> > > Ariel Biener
> > > e-mail: [email protected] Work phone: 03-6406086
> > > fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC