North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Effective ways to deal with DDoS attacks?
On Thu, May 02, 2002 at 04:45:43AM +0000, Christopher L. Morrow wrote: > On Wed, 1 May 2002, Wojtek Zlobicki wrote: > > > > Where are providers drawing the line ? Anyone have somewhat detailed > > published policies as to what a provider can do in order to protect their > > nework as a whole. > > At what point (strength of the attack) does a customers netblock (assuming a > > /24 for > > example) get null routed by whichever party. > > Most providers likely have a policy similar to: "I can't sacrafice 1 > my network for 1 customer". So, if the attack is sufficient to degrade > service on the ISP network most likely the customer under attack will get > null routed. Are you saying UUnet, assuming for a sec that I am a customer of UUnet (just for the sake of the argument), UU will not null route my ircd if it it gets attacked on regular basis, say *daily* ? Furthermore you are going to consistently place filters on your routers, take them out within the 24h (or whatever then-current policy of UUnet is) and track attacks back to their sources within the boundaries of your backbone on a daily basis? ;) Will you do that for say a regular T1 customer or do I need more "commitment" as sales droids like to put it, to even consider such a service ? ;) > Hmm, perhaps FIRST customers should insist that their ISP have some 24/7 > security contact that can actually help in the case of an attack. Today > there are very few that have this capability. I'd say from personal > experience that the number is way too small, even in the 'large' ISP arena > :( > > More pressure from customers for real security would be a good start. sigh, tried and failed, miserably I might add. -Basil
|