handling ddos attacks

Steve Gibbard scg at gibbard.org
Thu May 20 19:16:27 UTC 2004

A paper based on a presentation I did at the PAIX peering forum in
December is here: http://www.stevegibbard.com/ddos-talk.htm

I should probably update it a bit, but that may not happen any time soon.

Slides from another presentation at the same conference are here:


On Thu, 20 May 2004, Mark Kent wrote:

> I've been trying to find out what the current BCP is for handling ddos
> attacks.  Mostly what I find is material about how to be a good
> net.citizen (we already are), how to tune a kernel to better withstand
> a syn flood, router stuff you can do to protect hosts behind it, how
> to track the attack back to the source, how to determine the nature of
> the traffic, etc.
> But I don't care about most of that.  I care that a gazillion
> pps are crushing our border routers (7206/npe-g1).
> Other than getting bigger routers, is it still the case that the best
> we can do is identify the target IP (with netflow, for example) and
> have upstreams blackhole it?
> Thanks,
> -mark

More information about the NANOG mailing list