Reporting DDOS reflection attacks
paul.w.bennett at gmail.com
Sat Nov 8 07:20:05 UTC 2014
On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
> On 8 Nov 2014, at 1:56, srn.nanog at prgmr.com wrote:
>> But right now how should we be doing it?
Once you get the ASN or at least the domain name of the ISP providing
service to the reflecting host, several major reputable ISPs
(including my employer, who I can't name because I'm not an official
spokesperson) will welcome RFC 5070 "IODEF" reports for general
network abuse and RFC 5965 "MARF" format for email abuse, directed to
[email protected] the main domain for that ISP.
Paul W Bennett
More information about the NANOG