abuse reporting tools

Rafael Possamai rafael at gav.ufsc.br
Wed Nov 19 02:19:01 UTC 2014

Some folks might disagree with this, but if it's an important service that
I have running on a network, I will block a series of garbage AS's (closer
to /8 the better) at the firewall (not at the edge) and that reduces the
headaches by 50%. This isn't practical at the edge, but for system
administration is the only way I have found to minimize the problem. A lot
of times the owners of these IPs don't really care and won't take action.
For example, the amount of garbage that comes out of FDC Servers in Chicago
at times and not much is done.

On Tue, Nov 18, 2014 at 6:58 PM, Mike <mike-nanog at tiedyenetworks.com> wrote:

> Hello,
>     I provide broadband connectivity to mostly residential users. Over the
> past few years, instances of DDoS against the network - specfically
> targeting end users - has been on the rise, and today I can qualify many
> of these as simple acts of revenge where someone will engage a dos
> (possibly, services like 'booters' or similar) because they lost an
> online game or had some interactive in a forum they didn't like. I have
> good 'consumer broadband' filtering rules in place which make sense and
> protect against quite a lot of obviously ddos oriented traffic streams.
> The next step I want to engage, for those types of traffic which I can
> positively identify as not spoofed, is to send out abuse reports to
> owners of ip ranges used to launch these attacks. Ideally I'd like to be
> able to write up some form letter describing the attack, the source
> ip(s) of note, some disassembled sample packets, and then feed a list of
> IP source addresses and have it mail it out to the abuse contact at each
> source network. I am wondering if anyone has a pointer or reference to
> any tools which might help facillitate this?
> Thank you.
> Mike-

More information about the NANOG mailing list