Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Identifying DoS-attacked IP address(es) Sniffer

  • From: alex
  • Date: Tue Dec 17 10:08:24 2002

> The Sniffer and other tools like it are meant to drink from a fire hose.
> So, is it far fetched to analyze a dozen or more OC-12's other than from a
> router??  No.  In fact carriers should embrace a different approach to
> further understand and analyze their backbone.  Analyzers' with filters of
> attack/virus definitions can play a key role in fast, efficient response in
> the fight against distributed attacks.    

Should the sales people trying to peddle their wares learn a bit about
underlying technologies and be forced to take Algebra 101 before be let lose
on NANOG?

So your SONET sniffer decodes STS->[other
stuff]->IP->[other-stuff]->app-layer and matches against definitions that
you have, and does it all in real-time, does not fall over due to load,
deals with fragmentation and assymetic routing and so on. Oh, and then of
course it does it all in a secure manner since the traffic should not be
exposed to 3rd parties.

Yeah, right.

Alex





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.