abuse reporting tools
Ken Chase
math at sizone.org
Wed Nov 19 02:43:59 UTC 2014
Just wait for GigE-everywhere.
I am almost sure that these new Gig-to-the-toaster residential installs have
very little rate filtering (or abuse response); let's hope that
oversubscription solves the issue handily as it has traditionally.
/kc
On Tue, Nov 18, 2014 at 08:19:01PM -0600, Rafael Possamai said:
>Some folks might disagree with this, but if it's an important service that
>I have running on a network, I will block a series of garbage AS's (closer
>to /8 the better) at the firewall (not at the edge) and that reduces the
>headaches by 50%. This isn't practical at the edge, but for system
>administration is the only way I have found to minimize the problem. A lot
>of times the owners of these IPs don't really care and won't take action.
>For example, the amount of garbage that comes out of FDC Servers in Chicago
>at times and not much is done.
>
>On Tue, Nov 18, 2014 at 6:58 PM, Mike <mike-nanog at tiedyenetworks.com> wrote:
>
>> Hello,
>>
>> I provide broadband connectivity to mostly residential users. Over the
>> past few years, instances of DDoS against the network - specfically
>> targeting end users - has been on the rise, and today I can qualify many
>> of these as simple acts of revenge where someone will engage a dos
>> (possibly, services like 'booters' or similar) because they lost an
>> online game or had some interactive in a forum they didn't like. I have
>> good 'consumer broadband' filtering rules in place which make sense and
>> protect against quite a lot of obviously ddos oriented traffic streams.
>> The next step I want to engage, for those types of traffic which I can
>> positively identify as not spoofed, is to send out abuse reports to
>> owners of ip ranges used to launch these attacks. Ideally I'd like to be
>> able to write up some form letter describing the attack, the source
>> ip(s) of note, some disassembled sample packets, and then feed a list of
>> IP source addresses and have it mail it out to the abuse contact at each
>> source network. I am wondering if anyone has a pointer or reference to
>> any tools which might help facillitate this?
>>
>> Thank you.
>>
>> Mike-
>>
--
Ken Chase - math at sizone.org
More information about the NANOG
mailing list