Identifying DoS-attacked IP address(es) Sniffer

alex at alex at
Tue Dec 17 00:52:21 UTC 2002

> Even though you are asking this question with regard to what can
> be done on the router itself, it's worth mentioning, if only for
> the archives, a non-router approach to the problem...especially if
> you are an enterprise network manager. It's even worth
> mentioning despite the fact that I work for a company that provides
> said approach.

> Some of our enterprise customers place distributed Sniffers on their 
> internet links themselves. Upon receiving an alert, they connect to the
> Sniffer
> and click on Top Ten talkers by bytes (presented in pie/bar chart).


You want to put a box like this to analyze and dozen OC-12c(s)? I know that
the sales people for boxes like this right now are really hurting for
business but give us a break.


More information about the NANOG mailing list