Effective ways to deal with DDoS attacks?

Vincent Gillet vgi at zoreil.com
Thu May 2 08:53:24 UTC 2002


chris at UU.NET said:

> > have been on the receiving end of, the first was generating a little over
> > 300mbit/sec (steady for a prolonged time), and the second went over that by a
> > fair bit.  In both cases, we had core equipment (M20's and BSN5000's) fall
> > over and die trying to "work" the events.  Additionally, our upstream peers
> 
> Your M20 tipped over?? What were you doing? We regularly stop large
> (+100Mb->800Mb) attacks with less horsepower than this. Truthfully, a
> cisco is even capable of filtering (done right) at +200kpps...

On Cisco boxes, it depends too much on interface type, LC engine, IOS,
etc.

Besides, some features cannot run concurrently (I remember an ACL on a GSR
that made my netflow export stop ... it took days to figure this out!!!)

ACL implementation on GSR is also a nightmare.
We are operating more than 70 GSRs with very different interfaces, LC engines and IOS ...

_Some_ IOS with _some_ LC might truthfully filter (turbo, extended, vanilla,
in, out ACLs?!) ... but there are too many variables in the equation
to get ops people to use it for massive anti-DOS purposes!

Vincent.


