Reporting DDOS reflection attacks

• Previous message (by thread): Reporting DDOS reflection attacks
• Next message (by thread): Reporting DDOS reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Out of curiosity, have any of you had luck reporting the sources of attacks
to the admins of the origin ASNs?

Any failure or success stories you can share?

Macca


On Sat, Nov 8, 2014 at 6:20 PM, Paul Bennett <paul.w.bennett at gmail.com>
wrote:

> On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
> >
> > On 8 Nov 2014, at 1:56, srn.nanog at prgmr.com wrote:
> >
> >> But right now how should we be doing it?
> >
> > <http://www.team-cymru.org/Services/ip-to-asn.html>
>
> Once you get the ASN or at least the domain name of the ISP providing
> service to the reflecting host, several major reputable ISPs
> (including my employer, who I can't name because I'm not an official
> spokesperson) will welcome RFC 5070 "IODEF" reports for general
> network abuse and RFC 5965 "MARF" format for email abuse, directed to
> abuse@ the main domain for that ISP.
>
> http://www.ietf.org/rfc/rfc5070.txt
>
> http://www.ietf.org/rfc/rfc5965.txt
>
>
>
> --
> Paul W Bennett
>

• Previous message (by thread): Reporting DDOS reflection attacks
• Next message (by thread): Reporting DDOS reflection attacks
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]