Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: handling ddos attacks

  • From: Vincent Gillet - Opentransit
  • Date: Thu May 20 17:04:29 2004 disait :

> On Thu, May 20, 2004 at 11:52:01AM -0700, Mark Kent wrote:
> > 
> > I've been trying to find out what the current BCP is for handling ddos
> > attacks.  Mostly what I find is material about how to be a good
> > net.citizen (we already are), how to tune a kernel to better withstand
> > a syn flood, router stuff you can do to protect hosts behind it, how
> > to track the attack back to the source, how to determine the nature of
> > the traffic, etc.
> > 
> > But I don't care about most of that.  I care that a gazillion
> > pps are crushing our border routers (7206/npe-g1).
> > 
> > Other than getting bigger routers, is it still the case that the best
> > we can do is identify the target IP (with netflow, for example) and
> > have upstreams blackhole it?
> 	or acl it.
> 	some providers offer blackhole services where you can inject
> a route to them via bgp over the same session (with communities) or
> over a different session that just takes blackhole routes..
> 	that can be used by you to cause them to null0/discard the
> traffic within their network automatically..

At last Ripe meeting, i made a presentation about the way France Telecom
is handling DDOS attack :

Slides at

We presented our practice from a NOC perspective (ACL, blackhole, sinkhole,
netflow, sample, ... etc) and our next steps.

We proposed to give this presentation at coming Nanog, but we were not
so succesfull. Next nanog meeting maybe ...


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.