Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Identifying DoS-attacked IP address(es)

  • From: Livio Ricciulli
  • Date: Mon Dec 16 15:10:26 2002

FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates
a model using the cross-product of: 
1) source/destination address distributions 
2) packet rate 
3) protocol

This works very well to detect floods and does not require messing with
routers..

Livio.

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Neil J. McRae
Sent: Monday, December 16, 2002 9:38 AM
To: Andre Chapuis
Cc: Christopher L. Morrow; nanog@nanog.org
Subject: Re: Identifying DoS-attacked IP address(es)


Sampled netflow, or look at the traceback stuff in later
IOS 12.0S versions.  Avoid filter lists as the GSR engine cards
have a statically limited number of entries.

Regards,
Neil.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.