It is not a requirement, unless for some reason it's in their terms of service. That said, I've never seen a ToS from an ISP that involved backtracing a DoS.

Detecting the source, in the event that it involves spoofed packets (as they almost always do), requires backtracing. If the DoS is traffic-intensive, it may be coming from more than one source as well, and there is no reliable way to determine this without backtracing either.

> -----Original Message-----
> From: Hamid [mailto:hamidmailsat_private]
> Sent: Monday, February 03, 2003 4:40 PM
> To: incidentsat_private
> Subject: DoS Attacks, Detecting the Source, and Service Providers
>
> Hi everybody,
>
> Maybe a newbie question, but I was wondering if back-tracing
> packets to their source is a service provider requirement? I
> mean if one of my hosts is being attacked, for example a
> simple ICMP DoS attack, what could I do if the service
> provider doesn't cooperate? I was wondering if there are
> certain procedures to detect the source of attacks?
>
> Thanks in advance,
> Hamid
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 15:05:13 PST