On Mon, 3 Nov 2003, Alex Yuriev wrote:
Do you use/develop in-house tools to analyze Netflow on your peering routers and have that interface in near-realtime with the said routers to null route (BGP and RPF) the offending sources?
Source or destination? Null routing source of DOS is not going to do you any good. Null routing destination, especially automatically null routing
unless you aren't concerned about pipe-usage and you runn uRPF on that pipe...
destination, creates a large possibility of shooting yourself in a foot.
yes, auto-actions for security, especially DoS-type things tend to shoot feet often :( Think Victoria Secret Fashion Show, or Cisco IOS upgrade for all platforms released under lots of press coverage (like the protocols problem earlier this year) -Chris