Just thought that I would post that as one of goodnet's larger customers (DS3), we are
VERY satisfied with their NOC, as well as their service. Whenever I have a problem, I
can get a member of the goodnet staff to respond quicker than my other upstreams...
(hint Sprint)
Reid Fishler
Lightning Internet Services, LLC
Wait until you get smurfed and ask them to use the MCI-developed tracing
tools and get a "duhhhhh" back in response.
They might have fixed this by now (since we bitched LOUDLY about this) but
as of a few weeks ago the NOC had *no idea* how to trace this kind of
activity - at all - nor any desire to learn.
You will NOW, after you were threatened with the loss of our account if you
refused to assist again.
The bottom line is that MONTHS after these were made available your NOC crew
didn't know what the hell I was talking about, and told me point blank that
it was *NOT YOUR FIRMS RESPONSIBILITY* to trace such an attack while it was
in process.
Hello Karl & All, Where or at what price are these tools
  available.
      Tia, JimL
PS: In a further responce Karl was heard to say :
The bottom line is that MONTHS after these were made available your NOC crew
  I never heard nor was made aware that these tools were available,
  even though I am an MCI Customer . 
JimL;
Hello Karl & All, Where or at what price are these tools
available.
MCI's tracing tool, DoSTracker, is available- free of charge - at MCI's
Security Web site; http://www.security.mci.net/dostracker . Please
let me know if you have ANY problems with it. Keep in mind that it
was designed with specific operating conditions in mind; mostly that you'll
need a tool of this nature to trace denial of service attacks (of a
wide variety) across a backbone that you own, in order to find it's
ingress point.
If you're a single-homed end customer (AND you have a small internal
network), DoSTrack isn't going to be a very worthwhile tool for you.
    Tia, JimL
PS: In a further responce Karl was heard to say :The bottom line is that MONTHS after these were made available your NOC
crew
I never heard nor was made aware that these tools were available,
even though I am an MCI Customer .
Sorry - Identifying the specific and correct contact within all our end
customers
who would be interested in such a tool is a difficult task (and I don't
make it a
habit of sending unsolicited commercial email messages, even if they are
to our customers :> ), which is why discussion lists of this nature where
created,
and DoSTracker was announced on this list.
Feel free to visit; http://infopage.mci.net and
http://www.security.mci.net, which
should provide you the type of information you are looking for, and is
regularly (?) updated.
Dale
                "We all live in a Yellow Subroutine..."
Free. Virtually all providers who are default-free have them or they damn
well ought to.
If you CAN, you should be refusing forged source addresses from your
dedicated customers. I fully understand that not everyone CAN do this due
to the limitations of their architectures - in particular, high-aggregation
routers for customer connects have this ugly problem with running out of
CPU.
However, if a forged-source data stream IS traced to one of your customers,
expect a harsh response from the general network community. This attack is
well-enough known by now that I consider anyone unable to immediately and
permanently deal with such an incident to be somewhere beneath contempt.
Frankly, for the majority of providers even simple filtering (ie: is it from
one of our networks) coupled with INTELLIGENT address assignment policies
make this a non-issue. Unfortunately, the HUGE majority of major network
providers don't even seem to think that its a big deal to allow directed
broadcasts to cross their network architecture - which is "step 0" in
defusing this problem.