Jeffrey Lyon wrote:
All,
There are few if any ISP that will help you with something like this. Law enforcement also does not have the resources to even begin to look at a single DSL line being attacked unless you can show 7+ figures in damage or some type of major threat to national infrastructure.
Your options are basically as follows:
1) Use csf . If properly tuned this should be sufficient to filter minor attacks. 2) Invest in a decent firewall like a Juniper Netscreen and set session limits. This won't stop an attack but it will limit the amount of traffic you have to filter locally. 3) Ask SBC to null route the IP completely 4) Invest in an actual protection service.
Last time I had to deal with a DDoS coming over a Sprint circuit (multilink T1) they transferred me to someone in security and they started null routing things. Initially they were treating it as trouble because the BGP session kept resetting, but once we all figured out it was a DDoS the resolution was quick and painless. Maybe my experience is abnormal? I don't know. ~Seth