The complication is that the attack victim is not IP .......... Can't turn up a firewall or router to mitigate.
mike

On Tue, Aug 16, 2011 at 12:57 PM, Charles N Wyble <[email protected]> wrote:

> On 08/16/2011 11:46 AM, harbor235 wrote:
>
>> Anyone been involved with TDM voice DOS attacks? My thoughts are that if
>> the phone call originates as an IP call somewhere in the wild, then
>> typical abuse security incident notifications may help in the interim.
>
> Indeed. Though I suppose it depends on where they come from. Probably
> originate in various nasty neighborhoods of the net.
>
>> At least potentially identify through customer records or
>> make them move on where they eventually slip up.
>
> Right.
>
>> If the abuse originates as IP what obligations do foreign service providers
>> (friendly?) have to identify and mitigate?
>
> Well I work at a very large shared hosting provider. Our upstream provider
> gets abuse complaints and a ticket lands in our queue telling us to clean up
> or the box gets dropped off the net (anywhere from 4 to 48 hour warning
> window).
>
> I'm guessing that most large service providers have similar procedures in
> place? Just hit up the abuse contacts for the IP range. Doesn't matter
> where the destination is, what media etc. If it originates on an IP
> network/device, it can be dealt with that way.
>
> However the bad guys probably aren't using the large providers, as they
> usually operate 24x7 abuse desks, which means rapid ban hammering. :)
>
>> How can the community respond to service providers who fail to
>> clean up their customer base?
>
> iptables -s x.x.x.x/8 -j DROP (modify to your local site firewall drug of
> choice).

