Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Compromised Hosts?

  • From: Mike Tancsa
  • Date: Sun Mar 21 22:08:58 2004

At 07:26 PM 21/03/2004, Deepak Jain wrote:
> Nanogers -
>
> Would any broadband providers that received automated, detailed (time/date stamp, IP information) with hosts that are being used to attack (say as part of a DDOS attack) actually do anything about it?

From my experiences, some are much better than others. The main thing I think is to make it as clear and as easy for the provider to act on the issue. So include things like source IP, port, dest IP, port, time stamps in GMT. Note that the time is actually accurate--i.e. your clocks are NTP sync'd and make that clear in the report.

> Would the letter have to include information like "x.x.x.x/32 has been blackholed until further notice or contact with you" to be effective?

No.

---Mike
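
One way to produce the kind of report described above, as an added example that is not part of the original message: it takes flow records logged in local time, converts every timestamp to GMT, and builds one report per source IP. The log format, the sample addresses and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample flow records (documentation address ranges), logged in
# local time with a UTC offset: timestamp, src ip, src port, dst ip, dst port
SAMPLE_LOG = """\
2004-03-21T19:26:03-05:00 192.0.2.10 1045 198.51.100.7 80
2004-03-21T19:26:04-05:00 192.0.2.10 1046 198.51.100.7 80
2004-03-22T01:27:10+01:00 203.0.113.5 3321 198.51.100.7 80
malformed line
"""

def parse_flows(text):
    """Return (flows grouped by source IP, list of rejected lines)."""
    by_source, rejected = defaultdict(list), []
    for line in text.splitlines():
        try:
            stamp, src, sport, dst, dport = line.split()
            when = datetime.fromisoformat(stamp)
            if when.tzinfo is None:
                # A timestamp without an offset cannot be converted to GMT.
                raise ValueError("timestamp has no UTC offset")
            flow = (when.astimezone(timezone.utc), src, int(sport), dst, int(dport))
        except ValueError:
            rejected.append(line)
            continue
        by_source[src].append(flow)
    return by_source, rejected

def build_report(src, flows, ntp_synced):
    """Plain-text report for one source IP, every time given in GMT."""
    clock_note = ("Reporting clocks are NTP-synchronised." if ntp_synced
                  else "Reporting clocks are NOT NTP-synchronised.")
    lines = [f"Subject: Traffic from {src} (all times GMT)", "", clock_note, "",
             "time (GMT)            src ip:port -> dst ip:port"]
    for when, s, sport, d, dport in sorted(flows):
        lines.append(f"{when:%Y-%m-%d %H:%M:%S}Z  {s}:{sport} -> {d}:{dport}")
    return "\n".join(lines)

if __name__ == "__main__":
    grouped, bad = parse_flows(SAMPLE_LOG)
    for source, flows in grouped.items():
        print(build_report(source, flows, ntp_synced=True), end="\n\n")
    print(f"{len(bad)} line(s) skipped as unparseable")
```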



