North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Identifying DoS-attacked IP address(es)

  • From: James-lists
  • Date: Mon Dec 16 17:40:01 2002

> I'm sure you can look in the archives of this list for
messages from me
> about this very thing... :) In short: "Every ISP should
have 24/7 security
> support for customers under attack." That support should
include, acls,
> null routes, tracking the attack to the ingress. Rarely do
rate-limits do
> any good in the case of DoS attacks... (this part is a
debate for another
> thread)

Yes, we have those ready to go. And tools like Snort/Spade
and Net Flow to identify the problem
and suggest ACL's and null routes, ect. My question is more
about an upstream provider for an ISP
(I was calling this backbone). Clearly UU has a system well
in place but I would like to hear others experiences
with their upstream providers and DoS's. I know what kind of
help me upstreams will provide, as I have asked,
I am just trying to get a feel for others experiences.

James Edwards
[email protected]
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office: