real-time DDoS help?
Charles Sprickman
spork at inch.com
Sun Jun 20 03:43:50 UTC 2004
On Sun, 20 Jun 2004, Christopher L. Morrow wrote:
> which of your 2 upstreams isn't helping out? I'm fairly certain both
> providers have security groups, and do mitigate attacks for customers on a
> regular basis. Perhaps you are not getting in touch with the correct
> customer service folks? We often have this issue ;(
I don't want to go too much into it, but HE.net, once they supplied me
with the proper channels immediately null-routed the IP, hurrah! I'm
waiting on the answer as to whether we get billed or not for this traffic.
The other upstream whom I won't name is through a reseller. That wasn't
necessarily our first choice, but their own sales department told us to go
with a reseller as they were not interested in two cabinets and a 100Mb
handoff, so that's what we did.
I'm hoping their reseller is just misunderstanding something here. For a
long time he kept telling me "this is illegal, you need to contact the
source networks and make them stop it", so I'm guessing DDoS is not a
subject he's intimately familiar with (nor am I, but I understand the
mechanics of it, and I don't think that I could contact each source in my
lifetime).
Thanks to everyone for your input. To answer some other questions, the
box under attack is not a client box, but it is the main webserver for the
ISP's own site and ~user sites. It's also has shell accounts, but since
I've been here I've not seen one complaint about any of our users. Most
seem to not know much beyond how to use "pine". I think most of our
heavy-duty irc users are using windows clients at home, any irc tools on
the server are horribly dated. Not saying it's not a possibility, but I
do personally watch "abuse@" and I've not seen anyone complain about the
box.
Thanks again,
Charles
> >
> > Basement multihomers unite.
> >
>
> hurray!
>
More information about the NANOG
mailing list