RE: ISP's who filter ICMP during DoS?

Hello all,

  Absolutely. I have some good answers for you.

::WILLING to filter
  (0) Savvis - Took them 10 minutes to drop the 254/255 port
utilization of ICMP traffic on my T-1 I have from them. Their NOC (hats off
to 'Chris') is super-responsive.

  (1) UUNet - They're helpful, if you can get through to an actual
engineer, not a help desk drone...what is WITH these help desk people??

  (0) PSINet - Sorry guys. Both our T-1's (Savvis and PSINet) on one
segment got nailed....the Savvis boys loosened the noose, PSINet (help desk
drone) asked me to submit logs to their 'help@' mailbox, wait up to 24-hours
for a call back, and they'd go from there. Folks, I work for a
financial-services corporation, in 24 hours, I'd lose, what $200 million in
business? No wonder they're bankrupt. (Great engineers,
less-than-intelligent drones at the 'help desk').

  (1) Winstar - /chuckle/. They couldn't find me in their customer
database, but by the time they firgured out who I was, I had hung up and
cancelled the line. (We got this as a freebie, couldn't complain).

  (2) AT&T - I can't stand support drones that don't understand what
an ICMP flood is, much less know what to do with it. I had to explain to
them that ICMP flooding is a DDoS and that I needed someone from
engineering. Wow...Kevin couldn't convince this half-wit I conversed with
to get me to an engineer. I gave up and just let the router die.


Ralph M. Los
Asst. Vice-President, Internet Systems and Security
EnvestNet Advisory Corp.
(312) 827-3945 (direct)
(312) 296-9003 (wireless w/voicemail)

I'm not going to rant about 'who did you call at UUNET', but call the
support number, hit options 2,3,1 and ask for a router engineer... heck
you should have your security contact information, account info and what
is being attacked in hand and ready...

If you don't talk to security there is nothing security can do to help

Contact info: (Domestic) 1-800-900-0241 2,3,1
        (Interntional) 1-703-206-5440 2,3,1

Tell'm I sent you...