We have a firewall (was Re: Pakistan government orders ISPservice level agreement)

Christopher L. Morrow chris at UU.NET
Wed May 7 05:37:18 UTC 2003


On Wed, 7 May 2003, Tim Wilde wrote:
>
> I've had the exact opposite experience when calling UUnet.  I was told in

your upstream, InterNap I believe, called on your behalf, I believe I
also spoke directly with you or someone from dyndns... in the particular
case I am thinking of, about 2 weeks ago perhaps, we did trace the flood 3
times the same day. This information was provided to your upstream
provider.

Calling the NOC, as I said before (which you most likely actually called
the customer service number which isn't the NOC), is not productive
because no one in the NOC (or customer service group) has anyway to
authenticate that Tim is Tim from dyndns and not Tim from Savvis... or Tim
from UltraDns now trying to social engineer some 'outage' for their good
friends at DynDns :( (of course the names used are fictional and the
companies are used as a convenience for the example, nothing more)

> no uncertain terms that they WOULD NOT let me speak with ANYONE if I was
> not a customer, despite 10s of megabits of DDoS coming through their
> network to mine.  Maybe you called the right people, but UUnet's main NOC

Yes, your upstream, as I recall, Internap did call and we did help them to
the best of our ability, given the attack I recall... I can't remember the
specifics and for that I apologize...  :(

> line certainly had no interest in helping us.  And when our upstream who
> is a UUnet customer called them, they refused to even perform a backtrace
> without a subpoena in hand for the results of that backtrace.
>

as I said, for the attack I recall this was not the case. If the attack
was perhaps all UDP and not spoofed we don't bother tracing since its not
spoofed... perhaps that was the case?



More information about the NANOG mailing list