Reporting DDOS reflection attacks

• Previous message (by thread): Reporting DDOS reflection attacks
• Next message (by thread): Reporting DDOS reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/09/2014 09:31 AM, Brian Rak wrote:

> Some tips:
> 1) Verify the servers are still vulnerable.  This is pretty straightforward, and saves everyone
> involved some time
For a DDOS, I'd be concerned that the provider would now think my activity was malicious.

> 2) Your abuse emails should include tcpdump-like output (or you'll get tons of replies asking for logs)
Is the output from nfdump close enough?

> 3) Sticking to one abusive IP per email seems to get the best response rate (or you confuse all the
> automated systems for parsing these)
The smallest email abuse report I sent last week contained over 15,000 IPs. Is it really better to
send that many emails?

• Previous message (by thread): Reporting DDOS reflection attacks
• Next message (by thread): Reporting DDOS reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]