Request for contact and procedure information

Jon Kibler Jon.Kibler at aset.com
Thu Jul 9 22:52:11 CDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Charles Wyble wrote:
> All,
> 
> I'm currently experiencing a DDOS attack on my home DSL connection.
> 
> Thousands of requests to port 80.
> 
> I'm on an SBC business class account.
> 
> I'm guessing that calling the regular customer support won't get me
> anywhere.
> 
> Any suggestions?

Okay, this is going to sound REALLY lame, but IMHO it may be your best bet to
get action from SBC:

   1) File a police report with your local law enforcement agency and (CRITICAL)
get a case number. (You should have well documented when the attack started,
too. If asked why you waited so long to report it, explain that you were not
familiar with procedures. You may also be asked what you have that someone wants
to attack. "I don't know" is an acceptable answer, if that is the truth.) When
local law enforcement completes taking the report, request that your local law
enforcement escalate the case to the local/regional FBI office (specifically
mention InfraGuard).

   2) Call your local FBI office and ask to speak to the InfraGuard coordinator.
(If it is a small office, they may refer you to your regional office.) Tell them
you are being DDOSed, that you have filed a report with local law enforcement
(give them agency and case number), tell them who is your ISP and contact
information, and tell them ISP has been uncooperative at resolution. Ask them
can they please help -- at a minimum, can they contact the ISP and get them to
start null routing DDOS traffic.

Just out of curiosity, do you have any traffic capture? If so, what type of
attack is it? SYN flood, Apache instance starvation, etc.?

You may want to do some packet capture for hand-over to law enforcement.

I know this sounds lame, but I also CONSTANTLY hear from InfraGuard that they
want to be informed of these types of attacks, and they will help when resources
permit.

Don't expect miracles. But it is better than nothing.

Finally, document, document, document!!!

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924	(NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpWuusACgkQUVxQRc85QlNN1gCeJzqVXPfYpeOxcFJxDaTbU1q4
8IoAn1E5QjOZB1usTJO39qp2EIkJpdqW
=VM8D
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the NANOG mailing list