-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Charles Wyble wrote: > All, > > I'm currently experiencing a DDOS attack on my home DSL connection. > > Thousands of requests to port 80. > > I'm on an SBC business class account. > > I'm guessing that calling the regular customer support won't get me > anywhere. > > Any suggestions?
Okay, this is going to sound REALLY lame, but IMHO it may be your best bet to get action from SBC: 1) File a police report with your local law enforcement agency and (CRITICAL) get a case number. (You should have well documented when the attack started, too. If asked why you waited so long to report it, explain that you were not familiar with procedures. You may also be asked what you have that someone wants to attack. "I don't know" is an acceptable answer, if that is the truth.) When local law enforcement completes taking the report, request that your local law enforcement escalate the case to the local/regional FBI office (specifically mention InfraGuard). 2) Call your local FBI office and ask to speak to the InfraGuard coordinator. (If it is a small office, they may refer you to your regional office.) Tell them you are being DDOSed, that you have filed a report with local law enforcement (give them agency and case number), tell them who is your ISP and contact information, and tell them ISP has been uncooperative at resolution. Ask them can they please help -- at a minimum, can they contact the ISP and get them to start null routing DDOS traffic. Just out of curiosity, do you have any traffic capture? If so, what type of attack is it? SYN flood, Apache instance starvation, etc.? You may want to do some packet capture for hand-over to law enforcement. I know this sounds lame, but I also CONSTANTLY hear from InfraGuard that they want to be informed of these types of attacks, and they will help when resources permit. Don't expect miracles. But it is better than nothing. Finally, document, document, document!!! Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-813-2924 (NEW!) s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpWuusACgkQUVxQRc85QlNN1gCeJzqVXPfYpeOxcFJxDaTbU1q4 8IoAn1E5QjOZB1usTJO39qp2EIkJpdqW =VM8D -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
