Effective ways to deal with DDoS attacks?

Hank Nussbacher hank at att.net.il
Thu May 2 09:15:28 UTC 2002


At 04:16 AM 02-05-02 +0000, Christopher L. Morrow wrote:

>What we use and we're a 'largeish' network:
>
>http://www.secsup.org/Tracking/
>(shameless plug #1)
>
>Among other things this is a tool we use... there was a great set of
>slides and presentation given at NANOG23:
>
>http://www.nanog.org/mtg-0110/greene.html
>(shameless plug #2)

Shameless plug #3 from RIPE41:
http://www.ripe.net/ripe/meetings/archive/ripe-41/tutorials/eof-ddos.pdf
155 slides - 2.3M

-Hank
Consultant
Riverhead Networks (formerly Wanwall Networks)
www.riverhead.com



>There is also a set of papers Barry Greene from Cisco has available on the
>Cisco website... I'm positive he'll respond to this with the link; if he
>doesn't, search the NANOG mailing list archive for the link; it should be
>obvious in posts from Barry.
>
>If you want more pointers I'd be glad to chat on the phone with you,
>numbers included below.
>
>
>--Chris
>(chris at uu.net)
>#######################################################
>## UUNET Technologies, Inc.                          ##
>## Manager                                           ##
>## Customer Router Security Engineering Team         ##
>## (W)703-886-3823 (C)703-338-7319                   ##
>#######################################################
>
>On Wed, 1 May 2002, Pete Kruckenberg wrote:
>
> >
> > There's been plenty of discussion about DDoS attacks, and my
> > IDS system is darn good at identifying them. But what are
> > effective methods for large service-provider networks (i.e.
> > ones where a firewall at the front would not be possible) to
> > deal with DDoS attacks?
> >
> > Current methods of updating ACLs with the source and/or
> > destination are slow and error-prone and hard to maintain
> > (especially when the target of the attack is a site that
> > users would like to access).
> >
> > A rather extensive survey of DDoS papers has not resulted in
> > much on this topic.
> >
> > What processes and/or tools are large networks using to
> > identify and limit the impact of DDoS attacks?
> >
> > Thanks.
> > Pete.
> >
> >



