http://www.secsup.org/Tracking/ UUNet uses that...others might as well, Shrug. Quick, simple, effective tracking of DDoS attacks. As for identifying attacks, quite honestly large ISP's are typically still relying on customer notification. I know that's how we do it. On Wed, 1 May 2002, Pete Kruckenberg wrote:
There's been plenty of discussion about DDoS attacks, and my IDS system is darn good at identifying them. But what are effective methods for large service-provider networks (ie ones where a firewall at the front would not be possible) to deal with DDoS attacks?
Current method of updating ACLs with the source and/or destination are slow and error-prone and hard to maintain (especially when the target of the attack is a site that users would like to access).
A rather extensive survey of DDoS papers has not resulted in much on this topic.
What processes and/or tools are large networks using to identify and limit the impact of DDoS attacks?
Thanks. Pete.