DoS Attacks

Wed Oct 8 23:19:39 UTC 2003

>
> Due to the efficiency of our upstream provider's abuse department,
> opening efficiently at 8 am and closing just as efficiently at 5 pm
(because we all know network abuse only occurs between 8 and 5), the ISP
wasn't going to be of much help with an attack that started at 6:30pm
localtime.
>
> Andrew D Kirch
> Security Admin - Summit Open Source Development Group
> http://www.sosdg.org
>

* A lot of Abuse Departments are going to close at around 5pm, because the
advanced staff that would know how to deal with such things goes home around
that time. But most of them should have an escalation procedure, which means
that there is someone(s) over the staff in the NOC or Call (Support) Center
which can be called if necessary. You should insist or demand the issue be
escalated if it warrants this. If they won't escalate it ask for the phone
number of the supervisor... If they escalate it and you don't get a call
back in 30-60 minutes ... call again (repeat until you get a call back). Be
prepared to justify why you have had your issue escalated complete with
emailable detailed information. Even if the guy that calls you back
(semi-technical manager type) doesn't have the proper clue, chances are he
has someone else on call that does.

If they don't have this escalation capability ... (IMHO) get a different
ISP.

---
Alan Spicer (a_spicerNOSPAM at bellsouth.net)
http://aspicer.homelinux.net/
Systems and Network Administration,
and Telecommunications
(954) 977-5245

"The wonderful thing about the Internet is that you're connected to everyone
else. The terrible thing about the Internet is that you're connected to
everyone else."  -- Vincent Cerf (Father of the Internet)

Customer: "The Internet is running too slow. Could you reboot it please?"

Customer: "So that'll get me connected to the Internet, right?"
Tech Support: "Yeah."
Customer: "And that's the latest version of the Internet, right?"
Tech Support: "Uhh...uh...uh...yeah."