Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: handling ddos attacks

  • From: Hank Nussbacher
  • Date: Fri May 21 00:42:50 2004

At 12:00 PM 20-05-04 -0700, Wayne E. Bouchard wrote:

I too would be interested if someone could point a good white paper
for cisco DDOS protection mechanisms and best practices in general.
For Cisco specific ideas try:
http://www.ripe.net/ripe/meetings/archive/ripe-41/tutorials/eof-ddos.pdf
specifically slides 86-92 and 105-127.

-Hank


On Thu, May 20, 2004 at 11:52:01AM -0700, Mark Kent wrote:
>
> I've been trying to find out what the current BCP is for handling ddos
> attacks.  Mostly what I find is material about how to be a good
> net.citizen (we already are), how to tune a kernel to better withstand
> a syn flood, router stuff you can do to protect hosts behind it, how
> to track the attack back to the source, how to determine the nature of
> the traffic, etc.
>
> But I don't care about most of that.  I care that a gazillion
> pps are crushing our border routers (7206/npe-g1).
>
> Other than getting bigger routers, is it still the case that the best
> we can do is identify the target IP (with netflow, for example) and
> have upstreams blackhole it?
>
> Thanks,
> -mark

---
Wayne Bouchard
web@typo.org
Network Dude
http://www.typo.org/~web/




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.