DDoS detection and mitigation systems

• Previous message (by thread): DDoS detection and mitigation systems
• Next message (by thread): short question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 3 Nov 2003, Alex Yuriev wrote:

>
> > Do you use/develop in-house tools to analyze Netflow on your peering routers
> > and have that interface in near-realtime with the said routers to null route
> > (BGP and RPF) the offending sources?
>
> Source or destination? Null routing source of DOS is not going to do you any
> good. Null routing destination, especially automatically null routing

unless you aren't concerned about pipe-usage and you runn uRPF on that
pipe...

> destination, creates a large possibility of shooting yourself in a foot.
>

yes, auto-actions for security, especially DoS-type things tend to shoot
feet often :( Think Victoria Secret Fashion Show, or Cisco IOS upgrade for
all platforms released under lots of press coverage (like the protocols
problem earlier this year)

-Chris

• Previous message (by thread): DDoS detection and mitigation systems
• Next message (by thread): short question
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]