Is current DDoS detecting method effective?

Joe Shen joe_hznm at
Mon Mar 7 06:05:58 UTC 2005


> It frightens me that you're sitting on 11Gb/s+ and
> unable to utilize 
> existing toold to determine what is within profile
> for your network and 
> what is not.

That what makes me think it's not possible to
determine "legal" traffic model by available tools.
The total BW keeps increasing, and network attack
keeps going on. We could estimate traffic scheme by
monitoring BW utilized, but it may has exhaust
customer's server resource when we consider those DoS
packet with our traffic scheme. 

So, Arbor and alike may be useful to enterprise users,
but to ISPs its effectiveness is questionable.

> I'm certain that you'll be contacted by many
> commercial vendors who have 
> working profiling solutions.

I've discussed with some persons, they just disclame
but no demonstration and analysis.


Do You Yahoo!?
Log on to Messenger with your mobile phone!

More information about the NANOG mailing list