Identifying DoS-attacked IP address(es)

Valdis.Kletnieks at vt.edu
Mon Dec 16 22:29:59 UTC 2002


On Mon, 16 Dec 2002 21:17:07 GMT, "Christopher L. Morrow" said:
> On Mon, 16 Dec 2002, Livio Ricciulli wrote:
>> FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates
>> a model using the cross-product of:
>> 1) source/destination address distributions
>> 2) packet rate
>> 3) protocol
> But I can't field deploy this 2 continents away at 4am with 10 mins
> notice...

But that's OK, since you deployed it in last week's maintenance window, to
comply with the upper management requirement that they be given advance
notice of all unscheduled outages. ;)

But seriously - if you had a HandWave 2100 already installed 2 continents
away, would interrogating/tweaking/etc the model at 4AM with 10 minutes
notice be feasible?

(And yes, I know Chris probably has some tools in place before the fact -
the question is how many of the REST of you do?)
-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
