On May 20, 2004, at 12:52 PM, Mark Kent wrote:
I've been trying to find out what the current BCP is for handling ddos attacks. Mostly what I find is material about how to be a good net.citizen (we already are), how to tune a kernel to better withstand a syn flood, router stuff you can do to protect hosts behind it, how to track the attack back to the source, how to determine the nature of the traffic, etc.
There's lots and lots of really-useful-very-often-multi-vendor stuff here:

ftp://ftp-eng.cisco.com/cons/isp/security/

In particular, under the bootcamp and CPN-summit stuff. Though it may seem vendor-specific per logos and the like, I know of several (more than three) vendors that have contributed to this content, most of which is very practical and generally informative, and should be applicable to most deployed vendors.

There's also some VOD stuff here that expands some areas of the content:

http://www.getitmm.com/bootcampflash/launch.html

HTH,

-danny