DOS attack tracing

Suresh Ramasubramanian ops.lists at gmail.com
Tue May 10 09:05:08 UTC 2005


Quite decent suggestions

On 5/10/05, Kim Onnel <karim.adel at gmail.com> wrote:
> 3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
> & analyzers
> 4) Apply Ingress/Egress Filtering : RFC 2827 , uRPF, Team cymru IOS template
> 5) Monitor CPU/Netflow table size using SNMP
> 6) Request a blackholing BGP community from your upsream provider.

You start with #4, first of all.  Then get #6.  Then put #2 and #5 in place.

After that, you get one or the other of these, if you can push through
a budget for expensive kit.

> 1) Get 'Cisco guard' , too expensive ?
> 2) Get Arbor, Stealthflow, Esphion, too expensive ?

--srs
-- 
Suresh Ramasubramanian (ops.lists at gmail.com)



More information about the NANOG mailing list