At 12:00 PM 20-05-04 -0700, Wayne E. Bouchard wrote:
I too would be interested if someone could point to a good white paper for Cisco DDOS protection mechanisms and best practices in general.
For Cisco-specific ideas try: http://www.ripe.net/ripe/meetings/archive/ripe-41/tutorials/eof-ddos.pdf, specifically slides 86-92 and 105-127.
-Hank
On Thu, May 20, 2004 at 11:52:01AM -0700, Mark Kent wrote:
I've been trying to find out what the current BCP is for handling ddos attacks. Mostly what I find is material about how to be a good net.citizen (we already are), how to tune a kernel to better withstand a syn flood, router stuff you can do to protect hosts behind it, how to track the attack back to the source, how to determine the nature of the traffic, etc.
But I don't care about most of that. I care that a gazillion pps are crushing our border routers (7206/npe-g1).
Other than getting bigger routers, is it still the case that the best we can do is identify the target IP (with netflow, for example) and have upstreams blackhole it?
Thanks, -mark
---
Wayne Bouchard
web@typo.org
Network Dude
http://www.typo.org/~web/