Reporting DDOS reflection attacks
srn.nanog at prgmr.com
Sun Nov 9 17:43:47 UTC 2014
On 11/09/2014 09:31 AM, Brian Rak wrote:
> Some tips:
> 1) Verify the servers are still vulnerable. This is pretty straightforward, and saves everyone
> involved some time
For a DDOS, I'd be concerned that the provider would now think my activity was malicious.
> 2) Your abuse emails should include tcpdump-like output (or you'll get tons of replies asking for logs)
Is the output from nfdump close enough?
> 3) Sticking to one abusive IP per email seems to get the best response rate (or you confuse all the
> automated systems for parsing these)
The smallest email abuse report I sent last week contained over 15,000 IPs. Is it really better to
send that many emails?