|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Identifying DoS-attacked IP address(es)
On Mon, 16 Dec 2002, Feger, James wrote: > > AT&T also does the basics. ACL's, null routes, tracking back to ingress. as does sprint and C&W. MFN can sometimes help, depends on who you talk to as I recall, and Verio is quick to fix problems... L3 had some problems in the past, my last experience with them was 'ok' though not stellar. I'm having a bit of trouble getting more off the top of my head, aside from the George Mason Computer group that just unplugged a machine in a dorm for me :) > > -james > > > On Mon, 16 Dec 2002, James-lists wrote: > > > > > > I'm sure you can look in the archives of this list for > > messages from me > > > about this very thing... :) In short: "Every ISP should > > have 24/7 security > > > support for customers under attack." That support should > > include, acls, > > > null routes, tracking the attack to the ingress. Rarely do > > rate-limits do > > > any good in the case of DoS attacks... (this part is a > > debate for another > > > thread) > > > > Yes, we have those ready to go. And tools like Snort/Spade > > and Net Flow to identify the problem > > and suggest ACL's and null routes, ect. My question is more > > about an upstream provider for an ISP > > (I was calling this backbone). Clearly UU has a system well > > in place but I would like to hear others experiences > > with their upstream providers and DoS's. I know what kind of > > help me upstreams will provide, as I have asked, > > I am just trying to get a feel for others experiences. > > > > James Edwards > > [email protected] > > At the Santa Fe Office: Internet at Cyber Mesa > > Store hours: 9-6 Monday through Friday > > Phone support 365 days till 10 pm via the Santa Fe office: > > 505-988-9200 > > > > > > > > >
|