Abuse Departments

After 3 Denial of Service attacks in the last 4 days, I'm beginning to wonder if there should be a standardization of some sort of abuse departments. Or perhaps if there are some companies that should REALLY THINK (TM) about perhaps installing some. When my domain is under attack by yours, that means you've done something WRONG, and you need to take care of it, the same as I would if mine is under attack. How it's even conceivable that you can operate without someone that has the authority to act on abuse 24/7 from your AS number's Org-Abuse is inconceivable.

Quite frankly the FBI cares not at all about Denial of Service attacks, because if they did such attacks wouldn't happen. If I try to break into and cease the abusive actions of these hosts, I am myself committing a felony to defend my site from attack. They however don't have someone on hand to stop the attacks and quite honestly the damage of not having a connection to the internet isn't expressible simply in monetary loss. Real change needs to happen as far as accountability across the internet. If everyone's going to run Windows and kiddies are going to have packetnets that extend to millions of hosts, then someone needs to be on call at large consumer ISPs to yank cords when their customers' boxes get compromised. The next ISP that tells me "we'll have someone call you about that tomorrow" is going to get listed on NANOG, and CC'd to an ISP hall of shame somewhere of my own making. Please, please impart clue on your abuse department. Allowing hosts in your domain to participate in DoS attacks is WRONG.

Apologies for the grammar, after suffering from a 2 hour site outage due to DoS attack and the best reply I got was "well we'll call you" I'm at wits' end.

no need to suffer, vote with your bandwidth to a provider that can help...
There are several on this list, eh? :)

[snip]

Maybe you should avoid pissing the kiddies off on IRC, or get something
other than Ameritech DSL if you want your upstream to give a damn.

<snip>

> Matthew S. Hallacy wrote:
> Maybe you should avoid pissing the kiddies off on IRC, or get something
> other than Ameritech DSL if you want your upstream to give a damn.

I think he does make a fair observation about the state of many abuse departments today. How many posts do we see on here requesting someone with a clue in abuse from some domain in the average month?

And how many of them are taken care of by pointing them to Jared's NOC
list?

I recently had an issue with an open proxy/relay within berkeley.edu's resnet,
I shot off an email at around 2:30am CST, got a reply within 20 minutes,
and the box was off the net within an hour.

Most places will take care of abuse issues if they get to the right person,
but some places simply won't wake up their network admin at 11:00 on a Saturday
night because some script kiddie's DSL is getting attacked by another
script kiddie on IRC.

You've had good experiences with abuse departments. I'm glad for you.
The rest of us have not.
Yes, some places ARE helpful when you call with a genuine problem. Most
places are not.
And honestly, regardless of the reason, shouldn't abuse departments be
responsive to this type of thing?

DoS attacks often affect more than the end target, they often cause
people on immediate surrounding network many problems also.

> Most places will take care of abuse issues if they get to the right person,
> but some places simply won't wake up their network admin at 11:00 on a Saturday
> night because some script kiddie's DSL is getting attacked by another
> script kiddie on IRC.

Watch yourself poptix - you don't have such a squeaky clean past either.

Point is this. If your network/servers are being used in an attack against
someone else, you can be held responsible if you do not act in a timely
manner.

This "script kiddie's DSL" is actually a shared setup with several servers
on the end of it and a firewall. What happens to it also affects me and my
customers. When my customers go down, I get complaints.

Now, if your network was attacking mine from a compromised box, and you
failed to act in a timely fashion, regardless if it's a DSL or a T1 or a
dialup for that matter, I'd either sue you myself for allowing the attack to
continue, or give my customers your info and let THEM sue you for it.

Would you perhaps have more underlying problems if a "script kiddie" on a
dialup can attack you in such a way to impact your service?

Bryan

Only if that script kiddie doesn't have a couple hundred DDoS drones, and most have quite a few more than that. The problem with these zombie networks is that they could be controlled from a 14.4 dialup and still knock out anything but the biggest infrastructure links on the internet. Active cooperation is needed from abuse departments for the victims of these attacks so that the compromised hosts are shut off quickly.

Sorry, I meant a DSL, T1, dialup, whatever as the one being attacked. I
just woke up, so cut me some slack here.

Bryan,

I don't mean to be rude, but it sounds like you don't understand the way
the "script kiddies" operate. A dialup is more than sufficient.

Generally the attacker will have a number of compromised servers/home
PCs/workstations, etc., at their disposal.
Each has been infected with a particular type of trojan horse, which
allows the abuser to control the compromised machine.

The abuser can then instruct these tens, or hundreds, or thousands, or
now tens to hundreds of thousands of machines, to perform an attack
against a target.

Thus, the executor sits back on their dialup, while networks around the
world fight with each other to stay alive - the attacks for running out
of upstream bandwidth, and the victims for running out of downstream.

> Bryan Heitman wrote:
>
> Would you perhaps have more underlying problems if a "script kiddie" on a
> dialup can attack you in such a way to impact your service?

Yeah? See: http://www.irbs.net/internet/nanog/0308/1463.html

/ Mat

Yes, I agree with everyone, in a distributed environment many things are
possible. Perhaps I should have read the entire thread rather than
responding to a single message.

Bryan