Re: Effective ways to deal with DDoS attacks?
At 04:16 AM 02-05-02 +0000, Christopher L. Morrow wrote:
What we use and we're a 'largeish' network:
http://www.secsup.org/Tracking/ (shameless plug #1)
Among other things this is a tool we use... there was a great set of slides and presentation given at NANOG23:
http://www.nanog.org/mtg-0110/greene.html (shameless plug #2)
Shameless plug #3 from RIPE41: http://www.ripe.net/ripe/meetings/archive/ripe-41/tutorials/eof-ddos.pdf 155 slides - 2.3M -Hank Consultant Riverhead Networks (formerly Wanwall Networks) www.riverhead.com
There is also a set of papers Barry Greene from Cisco has available on the Cisco website... I'm positive he'll respond to this with the link, if he doesn't search the NANOG mailing list archive for the link it should be obvious in posts from Barry.
If you want more pointers I'd be glad to chat on the phone with you, numbers included below.
--Chris (chris@uu.net) ####################################################### ## UUNET Technologies, Inc. ## ## Manager ## ## Customer Router Security Engineering Team ## ## (W)703-886-3823 (C)703-338-7319 ## #######################################################
On Wed, 1 May 2002, Pete Kruckenberg wrote:
There's been plenty of discussion about DDoS attacks, and my IDS system is darn good at identifying them. But what are effective methods for large service-provider networks (ie ones where a firewall at the front would not be possible) to deal with DDoS attacks?
Current method of updating ACLs with the source and/or destination are slow and error-prone and hard to maintain (especially when the target of the attack is a site that users would like to access).
A rather extensive survey of DDoS papers has not resulted in much on this topic.
What processes and/or tools are large networks using to identify and limit the impact of DDoS attacks?
Thanks. Pete.
participants (1)
-
Hank Nussbacher