North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: real-time DDoS help?

  • From: Christopher L. Morrow
  • Date: Sun Jun 20 03:06:44 2004

On Sat, 19 Jun 2004, Charles Sprickman wrote:

> On Sun, 20 Jun 2004, Christopher L. Morrow wrote:
>
> > which of your 2 upstreams isn't helping out? I'm fairly certain both
> > providers have security groups, and do mitigate attacks for customers on a
> > regular basis. Perhaps you are not getting in touch with the correct
> > customer service folks? We often have this issue ;(
>
> I don't want to go too much into it, but HE.net, once they supplied me
> with the proper channels immediately null-routed the IP, hurrah!  I'm
> waiting on the answer as to whether we get billed or not for this traffic.

obviously I can't speak for eiteher of your providers, but normally you'd
only get billed for traffic that goes down your link to the provider, not
for traffic which enters the provider and isn't delivered to you.

>
> I'm hoping their reseller is just misunderstanding something here.  For a
> long time he kept telling me "this is illegal, you need to contact the
> source networks and make them stop it", so I'm guessing DDoS is not a
> subject he's intimately familiar with (nor am I, but I understand the
> mechanics of it, and I don't think that I could contact each source in my
> lifetime).

Depending on the situation you might not have much other recourse :( To
stop the pain though, each provider should provide you with some immediate
actions. Perhaps asking them if you can do customer triggered blackholing?