DDoS detection and mitigation systems

Christopher L. Morrow chris at UU.NET
Mon Nov 3 17:51:22 UTC 2003

On Mon, 3 Nov 2003, Alex Yuriev wrote:

> > Do you use/develop in-house tools to analyze Netflow on your peering routers
> > and have that interface in near-realtime with the said routers to null route
> > (BGP and RPF) the offending sources?
> Source or destination? Null routing source of DOS is not going to do you any
> good. Null routing destination, especially automatically null routing

unless you aren't concerned about pipe-usage and you runn uRPF on that

> destination, creates a large possibility of shooting yourself in a foot.

yes, auto-actions for security, especially DoS-type things tend to shoot
feet often :( Think Victoria Secret Fashion Show, or Cisco IOS upgrade for
all platforms released under lots of press coverage (like the protocols
problem earlier this year)


More information about the NANOG mailing list