-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jon Kibler wrote:
> Charles Wyble wrote:
>> All,
>
>> I'm currently experiencing a DDOS attack on my home DSL connection.
>
>> Thousands of requests to port 80.
>
>> I'm on an SBC business class account.
>
>> I'm guessing that calling the regular customer support won't get me
>> anywhere.
>
>> Any suggestions?
>
> Okay, this is going to sound REALLY lame, but IMHO it may be your best bet to
> get action from SBC:
>
> 1) File a police report with your local law enforcement agency and (CRITICAL)
> get a case number. (You should have well documented when the attack started,
> too. If asked why you waited so long to report it, explain that you were not
> familiar with procedures. You may also be asked what you have that someone
> wants to attack. "I don't know" is an acceptable answer, if that is the
> truth.) When local law enforcement completes taking the report, request that
> your local law enforcement escalate the case to the local/regional FBI office
> (specifically mention InfraGard).
>
> 2) Call your local FBI office and ask to speak to the InfraGard coordinator.
> (If it is a small office, they may refer you to your regional office.) Tell
> them you are being DDOSed, that you have filed a report with local law
> enforcement (give them agency and case number), tell them who is your ISP and
> contact information, and tell them ISP has been uncooperative at resolution.
> Ask them can they please help -- at a minimum, can they contact the ISP and
> get them to start null routing DDOS traffic.
>
> Just out of curiosity, do you have any traffic capture? If so, what type of
> attack is it? SYN flood, Apache instance starvation, etc.?
>
> You may want to do some packet capture for hand-over to law enforcement.
>
> I know this sounds lame, but I also CONSTANTLY hear from InfraGard that they
> want to be informed of these types of attacks, and they will help when
> resources permit.
>
> Don't expect miracles. But it is better than nothing.
>
> Finally, document, document, document!!!
>
> Jon

I hate to reply to my own email... but as soon as I hit "SEND", I realized I
left off something important...

You said you have Business Class DSL. Is this for a business? If so, have your
lawyer contact SBC. S/he should request to talk with the department manager for
small business services. That, too, may help get action. Be sure to provide
him/her with written documentation on everything you can regarding the attack.
The more information that s/he has, the better to beat up on SBC with.

Finally, what does your TOS/SLA say about DDoS? Most have something to say
about ISP liability in the mitigation of such attacks.

GOOD LUCK!

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-813-2924 (NEW!)
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkpWvU0ACgkQUVxQRc85QlO21wCffh5vK5V39ffWJGZPgoA4a9ii
RpcAnjdVCx4l693Pw6vYz58xjZt//Cdx
=UTXU
-----END PGP SIGNATURE-----