[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reporting DDOS reflection attacks

Subject: Reporting DDOS reflection attacks
From: paul.w.bennett at gmail.com (Paul Bennett)
Date: Sat, 8 Nov 2014 02:20:05 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]>

On Sat, Nov 8, 2014 at 2:00 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
>
> On 8 Nov 2014, at 1:56, srn.nanog at prgmr.com wrote:
>
>> But right now how should we be doing it?
>
> <http://www.team-cymru.org/Services/ip-to-asn.html>

Once you get the ASN or at least the domain name of the ISP providing
service to the reflecting host, several major reputable ISPs
(including my employer, who I can't name because I'm not an official
spokesperson) will welcome RFC 5070 "IODEF" reports for general
network abuse and RFC 5965 "MARF" format for email abuse, directed to
abuse@ the main domain for that ISP.

http://www.ietf.org/rfc/rfc5070.txt

http://www.ietf.org/rfc/rfc5965.txt

--
Paul W Bennett

Follow-Ups:
- Reporting DDOS reflection attacks
  - From: mcdonald.richards at gmail.com (McDonald Richards)
- Reporting DDOS reflection attacks
  - From: srn.nanog at prgmr.com (srn.nanog at prgmr.com)

References:
- Reporting DDOS reflection attacks
  - From: srn.nanog at prgmr.com (srn.nanog at prgmr.com)
- Reporting DDOS reflection attacks
  - From: rdobbins at arbor.net (Roland Dobbins)

Prev by Date: Reporting DDOS reflection attacks
Next by Date: Reporting DDOS reflection attacks
Previous by thread: Reporting DDOS reflection attacks
Next by thread: Reporting DDOS reflection attacks
Index(es):
- Date
- Thread