North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: ISP's who filter ICMP during DoS?

  • From: Los, Ralph
  • Date: Fri Jun 29 11:25:51 2001 
Hello all,

	Absolutely.  I have some good answers for you.

::WILLING to filter
	(0) Savvis - Took them 10 minutes to drop the 254/255 port
utilization of ICMP traffic on my T-1 I have from them.  Their NOC (hats off
to 'Chris') is super-responsive.

	(1) UUNet - They're helpful, if you can get through to an actual
engineer, not a help desk drone...what is WITH these help desk people??

::CLUELESS
	(0) PSINet - Sorry guys.  Both our T-1's (Savvis and PSINet) on one
segment got nailed....the Savvis boys loosened the noose, PSINet (help desk
drone) asked me to submit logs to their '[email protected]' mailbox, wait up to 24-hours
for a call back, and they'd go from there.  Folks, I work for a
financial-services corporation, in 24 hours, I'd lose, what $200 million in
business?  No wonder they're bankrupt.  (Great engineers,
less-than-intelligent drones at the 'help desk').

	(1) Winstar - /chuckle/.  They couldn't find me in their customer
database, but by the time they firgured out who I was, I had hung up and
cancelled the line.  (We got this as a freebie, couldn't complain).

	(2) AT&T - I can't stand support drones that don't understand what
an ICMP flood is, much less know what to do with it.  I had to explain to
them that ICMP flooding is a DDoS and that I needed someone from
engineering.  Wow...Kevin couldn't convince this half-wit I conversed with
to get me to an engineer.  I gave up and just let the router die.


Cheers!

Ralph M. Los
Asst. Vice-President, Internet Systems and Security
EnvestNet Advisory Corp.
[email protected]
(312) 827-3945 (direct)
(312) 296-9003 (wireless w/voicemail)


-----Original Message-----
From: ASV [mailto:[email protected]]
Sent: Thursday, June 28, 2001 5:50 PM
To: [email protected]
Subject: ISP's who filter ICMP during DoS?



Does anyone have a list of which ISPs are willing to filter ICMP packets
for you when your network is being (D)DoS'd, and which prefer to simply
blackhole / disconnect you, and which will do absolutely nothing??

I'm finding it hard to gather this information and it occured to me that
this is an obvious factor when choosing an ISP!

Thanks,