At 22:36 11/07/01 -0700, Jon O . wrote:
Ariel:
If you don't have these links already, they contain many resources for DDoS attack prevention and protection: http://staff.washington.edu/dittrich/misc/ddos/ http://www.cisco.com/warp/public/707/22.html http://www.denialinfo.com/
The only few things you can do on your end are: TCP Intercept Rate-limiting Conacting your upstream ISP Contacting ISP managing the sources of the attack
Other people might have more/other suggestions.
You initial email asked for AboveNet contact. Did you get some assistance and if so what was the resolution? This is very important for us to know so we can kind of keep track of cooperative ISPs and the ones that just ignore these problems.
And then what? Suppose you had a list of non-cooperative ISPs? What then? Experience has shown that the ISPs that don't care, won't care no matter what you say or do (those who follow FIRST know I have a lot to say on this matter, but have been holding back to give those non-cooperative ISPs time to make matters right - we are now on day 5 of a continuous non-spoofed 20Mb/sec dDoS attack :-)). Convince me why a list of non-cooperative ISPs is a thing that would help. -Hank
Thanks, Jon