North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement)

  • From: Scott Granados
  • Date: Tue May 06 20:28:20 2003

Unless you actually call UUnet and your not a customer, God help you then.

Some companies are very very good at dealing with DDOS, Internap being one
and UUNET if you are a customer another.  Even a post here although maybe
not exactly proper will get you responses from people like Chris and so on
who can and will be helpful.

----- Original Message ----- 
From: "Phil Rosenthal" <[email protected]>
To: "E.B. Dreger" <[email protected]>; <[email protected]>
Sent: Tuesday, May 06, 2003 5:02 PM
Subject: Re: We have a firewall (was Re: Pakistan government orders
ISPservice level agreement)


>
> On 5/6/03 7:51 PM, "E.B. Dreger" <[email protected]>
wrote:
>
> >
> > SD> Date: Tue, 6 May 2003 19:28:48 -0400 (EDT)
> > SD> From: Sean Donelan
> >
> >
> > SD> The Pakistan Telecommunications Company Ltd has aquired a
> > SD> firewall to solve the DDOS situation impacting Internet
> > SD> service in the country.  An unnamed security advisor asserted
> > SD> the proper use of a firewall would control the DDOS attacks
> > SD> and prevent hacking.
> >
> > Now the DDoS melts the pipes _and_ the firewall.  I'd like to
> > know if said "consultant" ever considered recommending the PTC
> > contact their upstreams for help with backtrace/blocking.  Anyone
> > with a modicum of clue (or Google access) should figure out that
> > one...
> >
> Not every upstream is as clueful as Uunet, and not every noc employee is
as
> clueful as Chris and Brian at UUnet.
>
> It has been my experience that most upstreams have no concept that they
CAN
> backtrace, and generally have no interest in helping you do it.  I'm not
> mudslinging here, so I won't say who my experience is with, but a few
> transitless/near transitless upstreams I've dealt with were most
unhelpful,
> either because they didn't know how to help, or worse, they did know how
to
> help and didn't care.
>
> And, depending on the nature of the DDoS attack, perhaps it isn't related
to
> saturation, but rather to overloading router processors, or something else
> that can effectively be filtered customer-side?
>
> Our policy as of late has just been to make sure we have equipment on our
> side fast enough to filter at wire speed, and get enough capacity to our
> upstreams that it is signifigantly unlikely that anyone could generate
> enough traffic to saturate it (in which case, we would have no choice but
to
> ask carriers to filter, and backtrace).
>
> --Phil
> ISPrime
> >
> > Eddy
> > --
> > Brotsman & Dreger, Inc. - EverQuick Internet Division
> > Bandwidth, consulting, e-commerce, hosting, and network building
> > Phone: +1 (785) 865-5885 Lawrence and [inter]national
> > Phone: +1 (316) 794-8922 Wichita
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
> > From: A Trap <[email protected]>
> > To: [email protected]
> > Subject: Please ignore this portion of my mail signature.
> >
> > These last few lines are a trap for address-harvesting spambots.
> > Do NOT send mail to <[email protected]>, or you are likely to
> > be blocked.
> >
>
>