abuse reporting tools

John Kristoff jtk at cymru.com
Wed Nov 19 17:14:19 UTC 2014


On Tue, 18 Nov 2014 16:58:24 -0800
Mike <mike-nanog at tiedyenetworks.com> wrote:

>      I provide broadband connectivity to mostly residential users.
> Over the past few years, instances of DDoS against the network -
> specfically targeting end users - has been on the rise, and today I
> can qualify many of these as simple acts of revenge where someone
> will engage a dos (possibly, services like 'booters' or similar)
> because they lost an online game or had some interactive in a forum
> they didn't like.

Hi Mike,

I certainly sympathize with you about dealing with this sort of
activity.  Since you seem to be willing to invest some effort into
mitigating it, what would also be interesting is to compile a summary
of this activity that you're seeing.  Answering questions such as how
often does it happen, the duration when it does, what games are most
commonly associated with the attacks you're seeing, what are the attack
characteristics and so on.  Having good insight into these attacks in
formulating responses or going off and performing their own research to
get closer to the who, why and how so they can be mitigated in other
ways too.  If you ever attend a NANOG, a presentation about your
experiences might be welcome, it would very likely be in the security
track, which I sometimes help moderate if you want to consider it.

> I have good 'consumer broadband' filtering rules in place which make
> sense and protect against quite a lot of obviously ddos oriented
> traffic streams.

Do you ever find that the attacks overwhelm your network or are they
usually just big enough to disrupt your downstream customer?

> I am wondering if anyone has a pointer or reference to any tools
> which might help facillitate this?

I can point you to some tools and references I'm aware of, but I can't
talk about how effectively they are operationally or whether or not you
should abide by or use them.

  AbuseHelper
  <http://abusehelper.be/>

  IETF RFC 5965 An Extensible Format for Email Feedback Reports
  <https://tools.ietf.org/html/rfc5965>

  IETF RFC 6650 Creation and Use of Email Feedback Reports
  <https://tools.ietf.org/html/rfc6650>

  Network Abuse Reporting 2.0
  <http://www.x-arf.org/>

  Net::Abuse::Utils
  <http://search.cpan.org/~mikegrb/Net-Abuse-Utils/>

John


More information about the NANOG mailing list