Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Real world Anti-DDOS attack practice.

  • From: Yu Ning
  • Date: Thu Mar 22 19:26:47 2001

Hi nanog,

I'm sorry if I raise a clich¨¦ topic, but I've searched the nanog archive and
get no satisfied answer. 

The question is quite simple, what's the best practice if my downstream customer 
report a heavy DDOS attack (icmp based, not source addr.  spoofing)?  Yes, to 
filter out the packet via ACL, but the impact on oc3/48 link with ACL packet filtering 
sounds to be a nightmare. 

If there is any effective practice to prevent my engineer from patching  the router 
here and there via packet ACL ?  Yes again via dCAR to rate-limiting the icmp traffic, 
but as soon as you mention the packet-filtering method, it seems as if my router is 
in smoke.

Then I wonder what my US counterpart do to beat DDOS attack to their customer?
Best real world practice ? How about tier-1 like UUNet ?

thanks for any input.

--------------------------------------------
(Mr.) Yu Ning, Chief Engineer
ChinaNET Sr. Support & New Service Dev.
Data Communication Bureau, China Telecom
Beijing, P.R.China +86-10-62072357/62072354
--------------------------------------------




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.