Identifying DoS-attacked IP address(es)

Feger, James jfeger at
Mon Dec 16 23:50:10 UTC 2002

AT&T also does the basics.  ACL's, null routes, tracking back to ingress.


On Mon, 16 Dec 2002, James-lists wrote:

> > I'm sure you can look in the archives of this list for
> messages from me
> > about this very thing... :) In short: "Every ISP should
> have 24/7 security
> > support for customers under attack." That support should
> include, acls,
> > null routes, tracking the attack to the ingress. Rarely do
> rate-limits do
> > any good in the case of DoS attacks... (this part is a
> debate for another
> > thread)
> Yes, we have those ready to go. And tools like Snort/Spade
> and Net Flow to identify the problem
> and suggest ACL's and null routes, ect. My question is more
> about an upstream provider for an ISP
> (I was calling this backbone). Clearly UU has a system well
> in place but I would like to hear others experiences
> with their upstream providers and DoS's. I know what kind of
> help me upstreams will provide, as I have asked,
> I am just trying to get a feel for others experiences.
> James Edwards
> jamesh at
> At the Santa Fe Office: Internet at Cyber Mesa
> Store hours: 9-6 Monday through Friday
> Phone support 365 days till 10 pm via the Santa Fe office:
> 505-988-9200

More information about the NANOG mailing list