Arbor Networks DoS defense product

Cheung, Rick Rick.Cheung at NextelPartners.com
Wed May 15 14:05:37 UTC 2002


	Is it common practice to place your own equipment at the ISP? My
thought is that if we are able to have our own routers at the ISP, we'd be
in a better position to mitigate the effects of a DDOS. As long as the
stream of traffic does not adversely affect our routers from performing
properly at the ISP, we can then mitigate the effects through access-lists,
QOS, etc. That is if the attack is not too distributed, where the source IPs
with the highest amount of syn traffic for example can be easily identified.




Rick Cheung
NPI IT Wan Team, CCNP


-----Original Message-----
From: Pete Kruckenberg [mailto:pete at kruckenberg.com]
Sent: Wednesday, May 15, 2002 2:15 AM
To: nanog at merit.edu
Subject: Re: Arbor Networks DoS defense product



On Wed, 15 May 2002, Rubens Kuhl Jr. wrote:

> If and when
> (a) customers don't get exemption for attack traffic
> (b) the DoS traffic occurs more than 5% (or 1 - your percentile level) of
> the month per customer circuit
> (c) the DoS increases bytes transferred like large ICMP packet flood; this
> is not the case for all DoS traffic, which can be a bunch of small packets
> that actually decreases traffic

These might apply to noticeable DoS attacks that occur as
specific events. But how much (D)DoS traffic goes unnoticed
by the average customer because it's too tough to detect or
defend against? The 10% I've measured on my network is
primarily reflected DDoS (reflected off my customers, to
off-net targets), which is not trivial to detect or defend
against.

Pete.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020515/fa465ce2/attachment.html>


More information about the NANOG mailing list