Identifying DoS-attacked IP address(es)
Livio Ricciulli
livio at reactivenetwork.com
Mon Dec 16 23:30:45 UTC 2002
At 09:17 PM 12/16/2002 +0000, Christopher L. Morrow wrote:
>On Mon, 16 Dec 2002, Livio Ricciulli wrote:
>
> > FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates
> > a model using the cross-product of:
> > 1) source/destination address distributions
> > 2) packet rate
> > 3) protocol
>
>But I can't field deploy this 2 continents away at 4am with 10 mins
>notice...
Yes, there needs to be some up-front investment to proactively deploy these
boxes/taps in strategic places. I did some analysis and the numbers are
doable even for the largest networks.
But then we get into philosophy; I have a lot of screwdrivers at home
lying around but I would much rather invest in chisels rather than keep
trying to carve wood with flathead screwdrivers (but that's just me..)
Livio.