On Mar 16, 2010, at 11:30 AM, Guillaume FORTAINE wrote:
> What do you think about Obeseus?
Flow telemetry has demonstrated its extraordinary utility to network operators worldwide over the last decade, and continued advances such as Cisco's Flexible NetFlow and the IETF IPFIX/PSAMP effort signify that this is the broad consensus of the operational community.

Scalability in terms of logically centralized detection/classification/traceback and minimizing the insertion of additional hardware devices into the network should be core design principles of any operationally viable solution in this space.

Volume is only one input into an operationally-viable detection/classification system. Traceback is also very important from an operational perspective.

ASIC-based edge routers do an excellent job of mitigating simple high-pps packet-flooding attacks via D/RTBH, S/RTBH and flowspec - again, the utility of these techniques has been validated by the operational community.

Layer-7 attacks against various types of services/apps can achieve significant amplification effects and disproportionate impact, are increasing in frequency and impact, and therefore must be addressed by any operationally viable solution in this space.

I believe that an effective and operationally useful open-source solution for basic DDoS detection/classification/traceback/mitigation can be implemented using existing widely-used and -understood tools/techniques as described here:

<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken