North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: real-time DDoS help?
With the lamentable exception of the IRC suggestions, there have been some very good comments on this. However, in the interest of beating a dead horse (and not aimed directly at Charles) - Think about stuff like this when picking your transit providers. There is some conventional wisdom that Internet transit is a commodity. While it is in some ways, there are a couple areas that are anything but: Security (and security response), including DDOS abatement. Does your provider do Remote Triggered Blackhole Filtering? Does your provider have backscatter servers? Does your provider have Arbor or some other solution? Support - Does your provider have a true 24x7 security contact? Is there escalation? Can you reach someone clueful when you really need to? Business Practices - Are your providers so shifty that they will drag their feet on fixing a DDOS problem in order to get your 95% billing pegged to the capacity of your link? When we select providers based purely on cost, as some web hosters/network access providers tend to do, then you have to put up with deficiencies in these areas. As engineers we must be able to communicate these qualitative differences to the folks who are looking at the bottom line. You get what you pay for, most of the time. You almost never get what you don't pay for. - Dan On 6/19/04 10:04 PM, "Charles Sprickman" <firstname.lastname@example.org> wrote: > > Howdy, > > Is there any place where people with experience dealing with DDoS attacks > hang out? I'm getting very little assistance from my upstream beyond > "call whomever is in charge of each IP attacking and make them stop", and > "even though we null route the destination IP being attacked, this traffic > will be billed". > > I've got a nice snippet of flows, so I can mostly see where everything is > coming from, and it's obvious what the target is, but my > flow-stat/flow-report skills are pretty weak. > > Oddly, in eight years of working for smallish ISPs I've never been hit > very hard, believe it or not. Is the response from my upstream typical? > I was expecting a bit more cooperation rather than them seeing as this as > an opportunity to bill me for lots of traffic. > > Thanks, > > Charles > > -- > Charles Sprickman > email@example.com >