Real world Anti-DDOS attack practice.

Yu Ning yuning at ns.chinanet.cn.net
Fri Mar 23 00:21:30 UTC 2001


Hi nanog,

I'm sorry if I raise a cliché topic, but I've searched the nanog archive and
found no satisfactory answer.

The question is quite simple: what's the best practice if my downstream customer
reports a heavy DDOS attack (icmp based, not source addr. spoofing)? Yes, to
filter out the packets via ACL, but the impact on an oc3/48 link with ACL packet filtering
sounds like a nightmare.

Is there any effective practice to prevent my engineer from patching the router
here and there via packet ACL? Yes, again, via dCAR to rate-limit the icmp traffic,
but as soon as you mention the packet-filtering method, it seems as if my router is
up in smoke.

Then I wonder what my US counterparts do to beat DDOS attacks on their customers?
Best real world practice? How about a tier-1 like UUNet?

Thanks for any input.

--------------------------------------------
(Mr.) Yu Ning, Chief Engineer
ChinaNET Sr. Support & New Service Dev.
Data Communication Bureau, China Telecom
Beijing, P.R.China +86-10-62072357/62072354
--------------------------------------------