Hi everyone ! > T1 and up providers dont get their hands dirty with client specific router > configuration for the same reasons that consultants get paid Big > Money: it requires a lot of work and generally speaking, an ongoing degree > of effort. I just have to throw in a personal experience here: Some days ago a friend of mine was target of a (still possible) smurf attack. His logs showed a large number of ICMP echo replies from hosts we found out were in subnets with open broadcasts. The 2mbit uplink provided by the "Deutsche Telekom" was rendered useless by this attack. Blocking them in his routers was not an option because all he had access to was behind the 2mbit line. My 2 advices were: * Wait until its over. (That was not an option for him because the company he worked for needed the uplink badly.) * Ask your provider to temporarily block all ICMPīs in a backbone router or something a little higher in the food chain. Everyone with knowledge about the size of "Deutsche Telekom" and the relative meaning of this 2mbit to them might think: spend the 50 cents of that phonecall somewhere else - its better invested. But after 2 calls there was a ticket opened and 3 hours later the DoS stopped because the ICMPīs were blocked, with the DT effectively taking over the traffic costs. I had similar experiences with ECRC/Cable&Wireless while I was working for an internet startup. So i think: Evene huge ISPīs can act quickly if you a) ask politely b) deliver logs making them understand that you are not "hunting ghosts" c) make it clear, that this is very important for you cheers, Chrissi -- Christian "eldoc" Schwalm schwalmat_private-hannover.de
This archive was generated by hypermail 2b30 : Sat Jun 02 2001 - 06:44:16 PDT