North American Network Operators Group


RE: How many backbones here are filtering the makelovenotspam screensaver site?

  • From: Chad Skidmore
  • Date: Thu Dec 02 18:06:34 2004

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Aaron Glenn [mailto:[email protected]] 
> Sent: Thursday, December 02, 2004 2:52 PM
> To: Chad Skidmore
> Cc: [email protected]
> Subject: Re: How many backbones here are filtering the
> makelovenotspam screensaver site?
> 
> On Thu, 2 Dec 2004 12:55:02 -0800, Chad Skidmore
> <[email protected]> wrote:
> > To your other point, how do you know that other botnets are not being
> > identified and taken down every day by network operators? I know for a
> > fact that they are, they just are not nearly as public as this one so
> > those activities go largely unacknowledged.
> 
> I find that very hard to believe. After getting nailed
> (900Mbps/4000 unique hosts from the 1 second network capture
> we could get) by a relatively(?) small botnet, and doing all the
> hard work for them, not one of the 20 networks we contacted (9
> being very very large) gave a flying piece of excrement as to
> what was going on.
>
> It wasn't the first and probably won't be the last. Is that
> too small a fish to fry? Do ops only care when it's 2Gbps of
> sustained traffic choking their border routers, because I'm
> halfway there...
> 
> </rant>
> 
> Regards,
> Aaron
> 

Sorry your experience has been different, this is definitely one of
those YMMV kinds of deals.  That is a significant attack by most
anyone's standards.  Getting to the right security team usually ends
up being the challenge.  Once there however we have found many
providers do a great job of dealing with attacks quickly.  Use of BGP
triggered blackholes can be a great help and going to the NOC/Abuse
team with lots of good information from the start helps you get to
the people that can pull the attack off quickly.  You have to remember
that, like all of us, larger service providers have their share of
low clue factor customers.  The quicker you can help them realize
that you have a fairly high clue factor the quicker you'll get to
folks on their side with a high clue factor.  During times of
outages, attacks, etc. it is easy to get agitated quickly and that
often times doesn't help you get through the first couple of barrier
noc techs.

Anyway, just my $.02 worth and as we can see YMMV.

Chad


- ----------------------------
Chad E Skidmore
One Eighty Networks, Inc.
http://www.go180.net
509-688-8180   

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQa+fTk2RUJ5udBnvEQIMeACeOEuV1XA64yujh+hKEypGPedyL4kAoN0I
tjq/VueRQrb0gjJ2aHxHy4KY
=yFzW
-----END PGP SIGNATURE-----