North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DoS attacks, NSPs unresponsiveness (fwd)
Stoned koala bears drooled eucalyptus spit in awe as John Payne exclaimed: > > On Tue, Nov 07, 2000 at 10:09:20PM -0500, Christopher L. Morrow wrote: > > For the others on this list, if you are a UUNET customer you can call our > > Security Department if you ever have any issues with security, DoS, fraud, > > spam, or the like. If you are under DoS attack either one of my engineers > > will stop and track the attack, or I will do it... it's what we get paid > > to do. If you are NOT a UUNET customer you know that other ISP's (Tier 1's > > atleast) do NOT filter attack traffic, and they do NOT track attacks. The > > ONLY exceptions to this are: Genuity, Global Crossing and at one time > > Verio. This is *entirely* untrue, and is a prime example of the shameless self-promotion that seems to be rampant on this list lately. I do not work for any of the above-mentioned Tier 1 providers and I know for a fact that we have a level-1 security staff on duty 24/7 to handle such incidents, and if they can't handle it, then they page somebody who can. There has been numerous occasions where I have spent all night on the phone with a customer, working with them to find a solution that thwarts a DoS attack while minimizing the negative effects on thier network and our's. > The only exceptions that you know of perhaps. As a former employee of > AT&T Global Network Services (ibm.net), I know for a fact that AGNS responded > promptly to any DoS reports called into our helpdesk, regardless of whether > they were a paying customer, downstream of a customer or a peer. *sigh* It's a shame, though, that they are less than responsive about other forms abuse, and even less responsive than that about fixing their misconfigured SNMP monitoring software that tries to access routers that do not belong to them. > I would also like to know UUNETs policy for peers, as I have first hand experience > of other large ISPs who's helpdesks refused to take my phone call for assistance > in tracking and blocking an on going attack because "you must be mistaken, the > only way you would have a pipe into our network is if you are a customer". This seems to be the case more often than not, and it explains why a lot of network/security engineers won't even bother attempting to trace a DoS attack to their borders, because they know that they're wasting their time. Sure, they can tell the customer that it's originating from ASXXX or network XXX but if ASXXX or network XXX won't listen to you, what good does it do? Jeff Representing only myself, as my employer has an advertising department to promote them in the appropriate venues. -- "For competitive reasons we can't tell you the location of our fiber." -- An anonymous representative of a very large telco "For competitive reasons we can't tell you the location of our backhoe." -- An anonymous representative of a contractor.