| 3.3.1. Contain the incident—halt the DoS if it has not |
| 3.3.1.3. If not yet contained, contact the ISP for assistance |
| 3.3.1.1. Identify and mitigate all vulnerabilities that were used |
| 3.3.1.2. If not yet contained, implement filtering based on the |
| 3.3.1.4. If not yet contained, relocate the target |