Request for contact and procedure information
Jon.Kibler at aset.com
Thu Jul 9 23:02:21 CDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Jon Kibler wrote:
> Charles Wyble wrote:
>> I'm currently experiencing a DDOS attack on my home DSL connection.
>> Thousands of requests to port 80.
>> I'm on an SBC business class account.
>> I'm guessing that calling the regular customer support won't get me
>> Any suggestions?
> Okay, this is going to sound REALLY lame, but IMHO it may be your best bet to
> get action from SBC:
> 1) File a police report with your local law enforcement agency and (CRITICAL)
> get a case number. (You should have well documented when the attack started,
> too. If asked why you waited so long to report it, explain that you were not
> familiar with procedures. You may also be asked what you have that someone wants
> to attack. "I don't know" is an acceptable answer, if that is the truth.) When
> local law enforcement completes taking the report, request that your local law
> enforcement escalate the case to the local/regional FBI office (specifically
> mention InfraGuard).
> 2) Call your local FBI office and ask to speak to the InfraGuard coordinator.
> (If it is a small office, they may refer you to your regional office.) Tell them
> you are being DDOSed, that you have filed a report with local law enforcement
> (give them agency and case number), tell them who is your ISP and contact
> information, and tell them ISP has been uncooperative at resolution. Ask them
> can they please help -- at a minimum, can they contact the ISP and get them to
> start null routing DDOS traffic.
> Just out of curiosity, do you have any traffic capture? If so, what type of
> attack is it? SYN flood, Apache instance starvation, etc.?
> You may want to do some packet capture for hand-over to law enforcement.
> I know this sounds lame, but I also CONSTANTLY hear from InfraGuard that they
> want to be informed of these types of attacks, and they will help when resources
> Don't expect miracles. But it is better than nothing.
> Finally, document, document, document!!!
I hate to reply to my own email... but as soon as I hit "SEND", I realized I
left off something important...
You said you have Business Class DSL. Is this for a business? If so, have your
lawyer contact SBC. S/he should request to talk with the department manager for
small business services. That, too, may help get action. Be sure to provide
him/her with written documentation on everything you can regarding the attack.
The more information that s/he has, the better to beat up on SBC with.
Finally, what does your TOS/SLA say about DDoS? Most have something to say about
ISP liability in the mitigation of such attacks.
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
c: 843-813-2924 (NEW!)
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.
More information about the NANOG