North American Network Operators Group

Re: real-time DDoS help?

  • From: Michael Loftis
  • Date: Sat Jun 19 22:55:58 2004




--On Saturday, June 19, 2004 22:04 -0400 Charles Sprickman <[email protected]> wrote:

Howdy,

Is there any place where people with experience dealing with DDoS attacks
hang out?  I'm getting very little assistance from my upstream beyond
"call whomever is in charge of each IP attacking and make them stop", and
"even though we null route the destination IP being attacked, this traffic
will be billed".

That's outrageous but not unheard of... if it never makes it to you then you shouldn't be billed for it.

I've got a nice snippet of flows, so I can mostly see where everything is
coming from, and it's obvious what the target is, but my
flow-stat/flow-report skills are pretty weak.

Oddly, in eight years of working for smallish ISPs I've never been hit
very hard, believe it or not.  Is the response from my upstream typical?
I was expecting a bit more cooperation rather than them seeing this as
an opportunity to bill me for lots of traffic.

The normal flow, unless you're a big guy yourself, is to talk to your upstreams, who contact theirs and put null routes in place at both steps, depending on the size of the DDoS. At my current place of employment we got nailed down with a 100mbit+ SYN attack here recently (I had an eng from one of the major upstreams, can't remember which, quote it at north of 200mbit, but by the time it made it to me we were only attempting to sink about 90-120mbit, but we could hardly keep up with that).

Most places will not charge for that. And I think it's absurd that anyone does, and that you should probably take your business elsewhere if your upstream is engaged in this sort of gouging.