And I think teh bottom line from all this is to use some of the numbers You provided which will help us get better results. I certainly wrote them down:). ----- Original Message ----- From: "Christopher L. Morrow" <chris@UU.NET> To: "Tim Wilde" <twilde@dyndns.org> Cc: "John Payne" <john@sackheads.org>; <nanog@merit.edu> Sent: Tuesday, May 06, 2003 10:37 PM Subject: Re: We have a firewall (was Re: Pakistan government orders ISPservice level agreement)
On Wed, 7 May 2003, Tim Wilde wrote:
I've had the exact opposite experience when calling UUnet. I was told
in
your upstream, InterNap I believe, called on your behalf, I believe I also spoke directly with you or someone from dyndns... in the particular case I am thinking of, about 2 weeks ago perhaps, we did trace the flood 3 times the same day. This information was provided to your upstream provider.
Calling the NOC, as I said before (which you most likely actually called the customer service number which isn't the NOC), is not productive because no one in the NOC (or customer service group) has anyway to authenticate that Tim is Tim from dyndns and not Tim from Savvis... or Tim from UltraDns now trying to social engineer some 'outage' for their good friends at DynDns :( (of course the names used are fictional and the companies are used as a convenience for the example, nothing more)
no uncertain terms that they WOULD NOT let me speak with ANYONE if I was not a customer, despite 10s of megabits of DDoS coming through their network to mine. Maybe you called the right people, but UUnet's main
NOC
Yes, your upstream, as I recall, Internap did call and we did help them to the best of our ability, given the attack I recall... I can't remember the specifics and for that I apologize... :(
line certainly had no interest in helping us. And when our upstream who is a UUnet customer called them, they refused to even perform a
backtrace
without a subpoena in hand for the results of that backtrace.
as I said, for the attack I recall this was not the case. If the attack was perhaps all UDP and not spoofed we don't bother tracing since its not spoofed... perhaps that was the case?