Identifying DoS-attacked IP address(es)

James-lists hackerwacker at
Mon Dec 16 22:38:03 UTC 2002

> I'm sure you can look in the archives of this list for
messages from me
> about this very thing... :) In short: "Every ISP should
have 24/7 security
> support for customers under attack." That support should
include, acls,
> null routes, tracking the attack to the ingress. Rarely do
rate-limits do
> any good in the case of DoS attacks... (this part is a
debate for another
> thread)

Yes, we have those ready to go. And tools like Snort/Spade
and Net Flow to identify the problem
and suggest ACL's and null routes, ect. My question is more
about an upstream provider for an ISP
(I was calling this backbone). Clearly UU has a system well
in place but I would like to hear others experiences
with their upstream providers and DoS's. I know what kind of
help me upstreams will provide, as I have asked,
I am just trying to get a feel for others experiences.

James Edwards
jamesh at
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
Phone support 365 days till 10 pm via the Santa Fe office:

More information about the NANOG mailing list