Compromised Hosts?

• Previous message (by thread): Compromised Hosts?
• Next message (by thread): Compromised Hosts?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 07:26 PM 21/03/2004, Deepak Jain wrote:
>Nanogers -
>
>         Would any broadband providers that received automated, detailed 
> (time/date stamp, IP information) with hosts that are being used to 
> attack (say as part of a DDOS attack) actually do anything about it?

 From my experiences, some are much better than others.  The main thing I 
think is to make it as clear and as easy to for the provider to act on the 
issue. So include things like, source IP,port, dest IP,port,  time stamps 
in GMT.  Note that the time is actually accurate--i.e. your clocks are NTP 
sync'd and make that clear in the report.


>         Would the letter have to include information like "x.x.x.x/32 has 
> been blackholed until further notice or contact with you" to be effective?

No.

         ---Mike 

• Previous message (by thread): Compromised Hosts?
• Next message (by thread): Compromised Hosts?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]