[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Handling of Abuse Complaints

There is a distance to travel between cant and cant effectively.

Perhaps they can share how they ever so effectively have solved this 
conundrum. After all, they are apparently not getting any abuse reports 
ever. As an operator of several open resolvers (with rate limiting and 
automatic mitigation in effect)  to support my customer base until the 
network landscape supports alternative approaches, I would like to know 
how they accomplished that little trick.

Filip Hruska wrote:
> Google, Level 3 and the like's open DNS resolvers are strictly
> rate-limited. They can't be used as DDOS amplifiers.
> On the other hand, there are tons of open resolvers on the internet
> without any sort of limiting. These are very effective amplifiers.
> Regards,
> Filip
> On 29.8.2016 19:04, Laszlo Hanyecz wrote:
>> I know this is against the popular religion here but how is this abuse
>> on the part of your customer?  Google, Level3 and many others also run
>> open resolvers, because they're useful services. This is why we can't
>> have nice things.
>> On 2016-08-29 15:55, Jason Lee wrote:
>>> NANOG Community,
>>> I was curious how various players in this industry handle abuse
>>> complaints.
>>> I'm drafting a policy for the service provider I'm working for about
>>> handing of complaints registered against customer IP space. In this
>>> example
>>> I have a customer who is running an open resolver and have received a
>>> few
>>> complaints now regarding it being used as part of a DDoS attack.
>>> My initial response was to inform the customer and ask them to fix it.
>>> Now
>>> that its still ongoing over a month later, I'd like to take action to
>>> remediate the issue myself with ACLs but our customer facing team is
>>> pushing back and without an idea of what the industry best practice is,
>>> management isn't sure which way to go.
>>> I'm hoping to get an idea of how others handle these cases so I can
>>> develop
>>> our formal policy on this and have management sign off and be able to
>>> take
>>> quicker action in the future.
>>> Thanks,
>>> Jason