North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Compromised Hosts?
- From: Mike Tancsa
- Date: Sun Mar 21 22:08:58 2004
At 07:26 PM 21/03/2004, Deepak Jain wrote:
From my experiences, some are much better than others. The main thing I
think is to make it as clear and as easy to for the provider to act on the
issue. So include things like, source IP,port, dest IP,port, time stamps
in GMT. Note that the time is actually accurate--i.e. your clocks are NTP
sync'd and make that clear in the report.
Would any broadband providers that received automated, detailed
(time/date stamp, IP information) with hosts that are being used to
attack (say as part of a DDOS attack) actually do anything about it?
Would the letter have to include information like "x.x.x.x/32 has
been blackholed until further notice or contact with you" to be effective?