> Is there any place where people with experience dealing with DDoS attacks > hang out? I'm getting very little assistance from my upstream beyond > "call whomever is in charge of each IP attacking and make them stop", and > "even though we null route the destination IP being attacked, this traffic > will be billed".
It seems that you should look somewhere else for your next bandwidth contract... > I've got a nice snippet of flows, so I can mostly see where everything is > coming from, and it's obvious what the target is, but my > flow-stat/flow-report skills are pretty weak. Fake or real source IPs ? TCP SYNs, ICMPs, UDPs ? Rubens