On May 1, 2013, at 6:43 AM, Thomas St-Pierre wrote:
We've been sending emails to our clients but as the servers are not managed by us, there's not much we can do at that level.
Sure, there is - shut them down if they don't comply. Most ISPs have AUP verbiage which would apply to a situation of this type.
Has anyone ever tried mitigating/rate-limiting/etc these attacks in the network before? (vs at the server/application level)
QoS doesn't work, as the programmatically-generated attack traffic 'crowds out' legitimate requests.
We have an Arbor peakflow device, but it's not really geared for this scenario I find.
Peakflow SP is a NetFlow-based anomaly-detection system which performs attack detection/classification/traceback. Please feel free to ping me offlist about additional system elements which perform attack mitigation. ----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton