19 Jun
2004
19 Jun
'04
10:49 p.m.
Is there any place where people with experience dealing with DDoS attacks hang out? I'm getting very little assistance from my upstream beyond "call whomever is in charge of each IP attacking and make them stop", and "even though we null route the destination IP being attacked, this traffic will be billed".
It seems that you should look somewhere else for your next bandwidth contract...
I've got a nice snippet of flows, so I can mostly see where everything is coming from, and it's obvious what the target is, but my flow-stat/flow-report skills are pretty weak.
Fake or real source IPs ? TCP SYNs, ICMPs, UDPs ? Rubens