abuse reporting tools

Ken Chase math at sizone.org
Wed Nov 19 02:43:59 UTC 2014


Just wait for GigE-everywhere.

I am almost sure that these new Gig-to-the-toaster residential installs have
very little rate filtering (or abuse response); let's hope that
oversubscription solves the issue handily as it has traditionally.

/kc


On Tue, Nov 18, 2014 at 08:19:01PM -0600, Rafael Possamai said:
  >Some folks might disagree with this, but if it's an important service that
  >I have running on a network, I will block a series of garbage AS's (closer
  >to /8 the better) at the firewall (not at the edge) and that reduces the
  >headaches by 50%. This isn't practical at the edge, but for system
  >administration is the only way I have found to minimize the problem. A lot
  >of times the owners of these IPs don't really care and won't take action.
  >For example, the amount of garbage that comes out of FDC Servers in Chicago
  >at times and not much is done.
  >
  >On Tue, Nov 18, 2014 at 6:58 PM, Mike <mike-nanog at tiedyenetworks.com> wrote:
  >
  >> Hello,
  >>
  >>     I provide broadband connectivity to mostly residential users. Over the
  >> past few years, instances of DDoS against the network - specfically
  >> targeting end users - has been on the rise, and today I can qualify many
  >> of these as simple acts of revenge where someone will engage a dos
  >> (possibly, services like 'booters' or similar) because they lost an
  >> online game or had some interactive in a forum they didn't like. I have
  >> good 'consumer broadband' filtering rules in place which make sense and
  >> protect against quite a lot of obviously ddos oriented traffic streams.
  >> The next step I want to engage, for those types of traffic which I can
  >> positively identify as not spoofed, is to send out abuse reports to
  >> owners of ip ranges used to launch these attacks. Ideally I'd like to be
  >> able to write up some form letter describing the attack, the source
  >> ip(s) of note, some disassembled sample packets, and then feed a list of
  >> IP source addresses and have it mail it out to the abuse contact at each
  >> source network. I am wondering if anyone has a pointer or reference to
  >> any tools which might help facillitate this?
  >>
  >> Thank you.
  >>
  >> Mike-
  >>

-- 
Ken Chase - math at sizone.org


More information about the NANOG mailing list