Proactive steps to prevent DDOS?

David Harmelin david.harmelin at dante.org.uk
Mon Jan 29 15:00:36 UTC 2001


DANTE has also developed a tool, made of in-house scripts and a database and 
based on netflow exports, that detects more DoS attacks than manpower is 
available to treat.

Still, it enables us to log, and treat, the major (long-lasting, repeating, 
extremely distributed, powerful, you name it) ones.

However, we have discovered the following interesting paradox:
- the more transit traffic a network carries, the more likely it will also 
carry DoS attacks, the more DoS attacks will be noticed and the higher the 
costs associated with DDoS will be
- once an attack is detected on a transit network, getting the correct 
administration of the end sites to actually do something about it is the 
real problem, especially if those end sites are not direct peers (which, 
for some major transit networks, is always the case).

As usual, it is enough that one administration in the chain has not enough 
manpower/does not understand the problem or ways to fix it/thinks the 
problem is not worth fixing/has different priorities for DDoS-compromised 
hosts to remain compromised for months.

It's good to see that awareness is being raised recently, though.

DH.

At 08:47 AM 1/29/01 -0500, Jeff Ogden wrote:


>At 9:27 AM +0200 1/29/01, Hank Nussbacher wrote:
>>At 12:52 27/01/01 -0500, Jeff Ogden wrote:
>>>--Look into the systems that are being developed and starting to become
>>>   available that help automate the work to diagnose DDOS attacks.
>>>   Encourage your up streams to do the same.
>>
>>I know of just Asta Networks:
>>Asta Networks claims cure for denial-of-service attacks, Jan 17, 2001
>>http://www.nwfusion.com/news/2001/0117ddos.html
>>Firm eyes DOS attacks, Jan 22, 2001
>>http://www.nwfusion.com/archive/2001/115979_01-22-2001.html
>>
>>Can you elaborate on others you may know?
>>
>>-Hank
>
>Yes, Asta is one.
>
>There is a DARPA funded research project called Lighthouse at the 
>University of Michigan that is working in this area. Merit has been 
>involved mostly by giving them access to traffic on a real operational 
>network. See:
>
>http://www.darpa.mil/leaving.asp?url=http://www.eecs.umich.edu/lighthouse
>
>I understand that there are other DARPA funded efforts working on 
>different aspects of the DOS problem (automatic detection, trace back, 
>counter measures).
>
>Take a look at "Networking & Distributed Systems" under
>
>      http://www.darpa.mil/ito/ResearchAreas.html
>
>In particular see:
>
>      http://www.darpa.mil/ito/psum2000/J032-0.html
>      http://www.darpa.mil/ito/psum2000/J910-0.html
>      http://www.darpa.mil/ito/psum2000/J028-0.html
>
>

___________________________________________________________________
             * *         David Harmelin  	Network Engineer
           *     *				DANCERT Representative
          *              Francis House
         *               112 Hills Road       Tel +44 1223 302992
         *               Cambridge CB2 1PQ    Fax +44 1223 303005
      D  A  N  T  E      United Kingdom       WWW http://www.dante.net
____________________________________________________________________
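The post above describes flagging DoS attacks from netflow exports and then triaging the ones worth the manpower (long-lasting, repeating, widely distributed, high-volume). The following is an added example, not DANTE's tool or any code from the thread, showing one way such a pipeline can be built: flow records are binned per destination, a per-bin rule flags candidate victims, flagged bins are grouped into episodes, and each victim is scored on the criteria the post names. The record layout, the thresholds (MIN_PPS, MIN_SOURCES, the 64-byte small-packet cutoff), the scoring formula and the sample flows are all assumptions constructed for the example.

```python
"""Added example: NetFlow-style DoS candidate detection and triage.

Not DANTE's tool. Record format, thresholds, scoring and sample data are
assumptions made for illustration; the sample flows are constructed, not
real traffic.
"""
from collections import defaultdict
from dataclasses import dataclass

BIN_SECONDS = 60      # aggregate flows into one-minute bins (assumed)
MIN_PPS = 1000        # packets/second toward one destination in a bin (assumed)
MIN_SOURCES = 50      # distinct sources in a bin to call it "distributed" (assumed)
SMALL_PACKET = 64     # bytes/packet at or below which we treat flood as suspicious (assumed)


@dataclass(frozen=True)
class Flow:
    """One exported flow record (subset of the usual NetFlow v5 fields)."""
    start: int   # seconds since window start
    end: int
    src: str
    dst: str
    proto: int
    packets: int
    bytes: int


def bin_flows(flows):
    """Aggregate per (bin, dst): packets, bytes and the set of distinct sources."""
    agg = defaultdict(lambda: {"packets": 0, "bytes": 0, "srcs": set()})
    for f in flows:
        a = agg[(f.start // BIN_SECONDS, f.dst)]
        a["packets"] += f.packets
        a["bytes"] += f.bytes
        a["srcs"].add(f.src)
    return agg


def flagged_bins(agg):
    """Per-bin rule: high packet rate AND (many sources OR tiny packets).

    Returns {dst: sorted list of bin indexes that fired}.
    """
    out = defaultdict(list)
    for (b, dst), a in agg.items():
        pps = a["packets"] / BIN_SECONDS
        avg_size = a["bytes"] / a["packets"]
        if pps >= MIN_PPS and (len(a["srcs"]) >= MIN_SOURCES or avg_size <= SMALL_PACKET):
            out[dst].append(b)
    return {d: sorted(bs) for d, bs in out.items()}


def episodes(bins):
    """Split sorted bin indexes into runs of consecutive bins (attack episodes)."""
    runs, cur = [], [bins[0]]
    for b in bins[1:]:
        if b == cur[-1] + 1:
            cur.append(b)
        else:
            runs.append(cur)
            cur = [b]
    runs.append(cur)
    return runs


def rank(flows):
    """Score each flagged victim on duration, repetition, distribution and
    volume, and return the report sorted with the most serious first."""
    agg = bin_flows(flows)
    report = []
    for dst, bins in flagged_bins(agg).items():
        runs = episodes(bins)
        peak_src = max(len(agg[(b, dst)]["srcs"]) for b in bins)
        peak_pps = max(agg[(b, dst)]["packets"] / BIN_SECONDS for b in bins)
        longest = max(len(r) for r in runs)          # bins == minutes here
        # Assumed additive score: longest episode + number of episodes +
        # how far over the distribution and rate thresholds the peak bin went.
        score = longest + len(runs) + peak_src / MIN_SOURCES + peak_pps / MIN_PPS
        report.append({"dst": dst, "longest_minutes": longest, "episodes": len(runs),
                       "peak_sources": peak_src, "peak_pps": round(peak_pps),
                       "score": round(score, 2)})
    return sorted(report, key=lambda r: r["score"], reverse=True)


def _synth(dst, bins, n_src, pkts, size, group):
    """Constructed flows: n_src sources each send one flow per listed bin."""
    return [Flow(b * BIN_SECONDS + 5, b * BIN_SECONDS + 55,
                 f"10.{group}.{i // 256}.{i % 256}", dst, 17, pkts, pkts * size)
            for b in bins for i in range(n_src)]


# Constructed five-minute export window (not real traffic):
#  - 192.0.2.10: 100 sources, 40-byte packets, minutes 0-2 then again minute 4
#  - 192.0.2.20: 10 sources, 40-byte packets, minute 2 only
#  - 198.51.100.5: ordinary web traffic, 5 sources, 1500-byte packets, every minute
SAMPLE_FLOWS = (_synth("192.0.2.10", [0, 1, 2, 4], 100, 700, 40, 1)
                + _synth("192.0.2.20", [2], 10, 8000, 40, 2)
                + _synth("198.51.100.5", [0, 1, 2, 3, 4], 5, 200, 1500, 3))

if __name__ == "__main__":
    for row in rank(SAMPLE_FLOWS):
        print(row)
```

Run against the constructed window, the report lists 192.0.2.10 first (three-minute episode, a second episode, 100 sources) and 192.0.2.20 second (one short flood caught only by the small-packet branch of the rule), while the web server never appears; the point of the score is exactly the triage the post describes, surfacing the long, repeating, distributed attacks when there are more detections than people to chase them.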