Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Is current DDoS detecting method effective?

  • From: Joe Shen
  • Date: Mon Mar 07 04:25:14 2005

Hi,


> you aren't distinguishing between 'dos attack' and 'scan' or 'probe' or
> 'welcome to the Internet!' traffic. The Arbor systems may see 'scan'
> traffic (depending upon sample rates and traffic loads) and they may
> not... They aren't designed to see that, they are designed to: (speaking
> of peakflow SP, peakflow Traffic, peakflow DoS only... peakflow X isn't
> really a 'provider' solution as much as an 'enterprise' tool)

That's why I think the current tool is not enough, because
we cannot assume that ongoing traffic is not malicious while
tools are building up a 'normal' traffic model in ISP
networks.

But in an enterprise network this could be achieved,
because the traffic pattern for an enterprise could be
estimated, and the load on a special server could be
controlled by a threshold (but think about the CNN website
on 911).

> 
> 1) to watch traffic and alarm against thresholds
> 2) track traffic trends over time
> 3) report traffic trends over time
> 

So, it needs to be defined what should be monitored (port,
protocol, application data set ...)?


> (possibly some other things out of scope of this discussion... someone
> from Arbor could/should clarify)
>
> Some of your cflowd gathering should also see these things, but they will
> need data correlation, something Arbor already went to the trouble of
> doing for you... So, define: "attack" and then see if your tool fits that
> definition.

So, I think the current tool is just for enterprises, or
for ISPs who want to provide anti-DoS services.

regards

Joe
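
Added example, not part of the original post and not code from any product named in it: a minimal threshold-against-baseline alarm in Python that shows the two failure modes raised in the message above, a 'normal' model trained while a flood is already running, and a legitimate surge crossing a threshold trained on quiet traffic. The sample rates, the function names and the mean + 3 standard deviations rule are assumptions chosen for illustration.

```python
from statistics import mean, pstdev

def learn_baseline(samples):
    """Model 'normal' as (mean, stddev) of packets-per-second samples
    collected during the training window."""
    return mean(samples), pstdev(samples)

def alarms(baseline, observed, k=3.0, floor=1.0):
    """Return indices of observed samples above mean + k * stddev.
    `floor` keeps the limit sane when training data has no variance."""
    mu, sigma = baseline
    limit = mu + k * max(sigma, floor)
    return [i for i, pps in enumerate(observed) if pps > limit]

# Constructed samples: packets/sec toward one destination, one value per minute.
CLEAN = [900, 1100, 1000, 950, 1050, 1000, 980, 1020]
FLOOD = [48000, 52000, 50000, 51000, 49000, 50500, 49500, 50000]
FLASH_CROWD = [1000, 4000, 12000, 30000, 45000]  # legitimate surge of visitors

def run():
    clean_model = learn_baseline(CLEAN)
    # Training window overlapped the flood, so the flood *is* the baseline.
    poisoned_model = learn_baseline(FLOOD)
    return {
        # Baseline from clean traffic: every flood sample alarms.
        "flood_vs_clean": alarms(clean_model, FLOOD),
        # Baseline learned during the flood: nothing alarms.
        "flood_vs_poisoned": alarms(poisoned_model, FLOOD),
        # Clean baseline also alarms on a legitimate surge (false positive).
        "flash_vs_clean": alarms(clean_model, FLASH_CROWD),
    }

if __name__ == "__main__":
    for name, hits in run().items():
        print(f"{name}: alarmed bins {hits}")
```

A rate threshold alone cannot separate the flood from the flash crowd; that needs the additional dimensions the message asks about (port, protocol, application data).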
