North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: real-time DDoS help?
On Sun, 20 Jun 2004, Christopher L. Morrow wrote: > which of your 2 upstreams isn't helping out? I'm fairly certain both > providers have security groups, and do mitigate attacks for customers on a > regular basis. Perhaps you are not getting in touch with the correct > customer service folks? We often have this issue ;( I don't want to go too much into it, but HE.net, once they supplied me with the proper channels immediately null-routed the IP, hurrah! I'm waiting on the answer as to whether we get billed or not for this traffic. The other upstream whom I won't name is through a reseller. That wasn't necessarily our first choice, but their own sales department told us to go with a reseller as they were not interested in two cabinets and a 100Mb handoff, so that's what we did. I'm hoping their reseller is just misunderstanding something here. For a long time he kept telling me "this is illegal, you need to contact the source networks and make them stop it", so I'm guessing DDoS is not a subject he's intimately familiar with (nor am I, but I understand the mechanics of it, and I don't think that I could contact each source in my lifetime). Thanks to everyone for your input. To answer some other questions, the box under attack is not a client box, but it is the main webserver for the ISP's own site and ~user sites. It's also has shell accounts, but since I've been here I've not seen one complaint about any of our users. Most seem to not know much beyond how to use "pine". I think most of our heavy-duty irc users are using windows clients at home, any irc tools on the server are horribly dated. Not saying it's not a possibility, but I do personally watch "abuse@" and I've not seen anyone complain about the box. Thanks again, Charles > > > > Basement multihomers unite. > > > > hurray! >