Reporting DDOS reflection attacks

Paul Bennett paul.w.bennett at
Sat Nov 8 07:20:05 UTC 2014

On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobbins at> wrote:
> On 8 Nov 2014, at 1:56, srn.nanog at wrote:
>> But right now how should we be doing it?
> <>

Once you get the ASN or at least the domain name of the ISP providing
service to the reflecting host, several major reputable ISPs
(including my employer, who I can't name because I'm not an official
spokesperson) will welcome RFC 5070 "IODEF" reports for general
network abuse and RFC 5965 "MARF" format for email abuse, directed to
[email protected] the main domain for that ISP.

Paul W Bennett

More information about the NANOG mailing list