Ransom DDoS attack - need help!
Roland Dobbins
rdobbins at arbor.net
Fri Dec 4 04:09:02 UTC 2015
On 4 Dec 2015, at 9:34, alvin nanog wrote:

> all that tcpdump gibberish

Is entirely unnecessary, as well as being completely impractical on a
network of any size.

Reasonable network access policies for the entities under attack plus
flow telemetry collection/analysis, S/RTBH, and/or flowspec are a good
start, along with this:

<http://www.merit.edu/mail.archives/nanog/msg03776.html>

This business of attempting to use packet captures for everything is the
equivalent of your doctor attempting to diagnose the reason you're
running a fever by using an electron microscope.

Start with the BCPs, then move to the macroanalytical. Only dip into
the microanalytical when required, and even then, do so very
selectively.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>