We have a firewall (was Re: Pakistan government orders ISPservice level agreement)
scott at wworks.net
Wed May 7 00:25:54 UTC 2003
Unless you actually call UUnet and your not a customer, God help you then.
Some companies are very very good at dealing with DDOS, Internap being one
and UUNET if you are a customer another. Even a post here although maybe
not exactly proper will get you responses from people like Chris and so on
who can and will be helpful.
----- Original Message -----
From: "Phil Rosenthal" <pr at isprime.com>
To: "E.B. Dreger" <eddy+public+spam at noc.everquick.net>; <nanog at merit.edu>
Sent: Tuesday, May 06, 2003 5:02 PM
Subject: Re: We have a firewall (was Re: Pakistan government orders
ISPservice level agreement)
> On 5/6/03 7:51 PM, "E.B. Dreger" <eddy+public+spam at noc.everquick.net>
> > SD> Date: Tue, 6 May 2003 19:28:48 -0400 (EDT)
> > SD> From: Sean Donelan
> > SD> The Pakistan Telecommunications Company Ltd has aquired a
> > SD> firewall to solve the DDOS situation impacting Internet
> > SD> service in the country. An unnamed security advisor asserted
> > SD> the proper use of a firewall would control the DDOS attacks
> > SD> and prevent hacking.
> > Now the DDoS melts the pipes _and_ the firewall. I'd like to
> > know if said "consultant" ever considered recommending the PTC
> > contact their upstreams for help with backtrace/blocking. Anyone
> > with a modicum of clue (or Google access) should figure out that
> > one...
> Not every upstream is as clueful as Uunet, and not every noc employee is
> clueful as Chris and Brian at UUnet.
> It has been my experience that most upstreams have no concept that they
> backtrace, and generally have no interest in helping you do it. I'm not
> mudslinging here, so I won't say who my experience is with, but a few
> transitless/near transitless upstreams I've dealt with were most
> either because they didn't know how to help, or worse, they did know how
> help and didn't care.
> And, depending on the nature of the DDoS attack, perhaps it isn't related
> saturation, but rather to overloading router processors, or something else
> that can effectively be filtered customer-side?
> Our policy as of late has just been to make sure we have equipment on our
> side fast enough to filter at wire speed, and get enough capacity to our
> upstreams that it is signifigantly unlikely that anyone could generate
> enough traffic to saturate it (in which case, we would have no choice but
> ask carriers to filter, and backtrace).
> > Eddy
> > --
> > Brotsman & Dreger, Inc. - EverQuick Internet Division
> > Bandwidth, consulting, e-commerce, hosting, and network building
> > Phone: +1 (785) 865-5885 Lawrence and [inter]national
> > Phone: +1 (316) 794-8922 Wichita
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
> > From: A Trap <blacklist at brics.com>
> > To: blacklist at brics.com
> > Subject: Please ignore this portion of my mail signature.
> > These last few lines are a trap for address-harvesting spambots.
> > Do NOT send mail to <blacklist at brics.com>, or you are likely to
> > be blocked.
More information about the NANOG