Real world Anti-DDOS attack practice.
Yu Ning
yuning at ns.chinanet.cn.net
Fri Mar 23 00:21:30 UTC 2001
Hi nanog,
I'm sorry if I raise a cliché topic, but I've searched the nanog archive and
got no satisfactory answer.
The question is quite simple: what's the best practice if my downstream customer
reports a heavy DDOS attack (icmp based, not source addr. spoofing)? Yes, to
filter out the packets via ACL, but the impact on an oc3/48 link with ACL packet filtering
sounds like a nightmare.
Is there any effective practice to prevent my engineer from patching the router
here and there via packet ACL? Yes, again, via dCAR to rate-limit the icmp traffic,
but as soon as you mention the packet-filtering method, it seems as if my router is
in smoke.
Then I wonder what my US counterparts do to beat DDOS attacks on their customers?
Best real-world practice? How about a tier-1 like UUNet?
Thanks for any input.
--------------------------------------------
(Mr.) Yu Ning, Chief Engineer
ChinaNET Sr. Support & New Service Dev.
Data Communication Bureau, China Telecom
Beijing, P.R.China +86-10-62072357/62072354
--------------------------------------------