ddos attacks

Dobbins, Roland rdobbins at arbor.net
Thu Dec 19 21:23:59 UTC 2013


On Dec 19, 2013, at 6:12 AM, cb.list6 <cb.list6 at gmail.com> wrote:

> I am strongly considering having my upstreams to simply rate limit ipv4 UDP. 

QoS is a very poor mechanism for remediating DDoS attacks.  It ensures that programmatically-generated attack traffic will 'squeeze out' legitimate traffic.

> During an attack, 100% of the attack traffic is ipv4 udp (dns, chargen, whatever).

Have you checked to see whether you and/or your customers have open DNS recursors, misconfigured CPE devices, etc. which can be used as reflectors/amplifiers on your respective networks?

Have you implemented NetFlow and S/RTBH?  Considered building a mitigation center?

<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>

Do you work with your peers/upstreams/downstreams to mitigate DDoS attacks when they ingress your network?

There are lots of things one can do to increase one's ability to detect, classify, traceback, and mitigate DDoS attacks, yet which aren't CAPEX-intensive.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
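To make the two diagnostic questions in the reply above concrete (whether hosts on your own network are acting as reflectors/amplifiers, and what NetFlow can tell you about an in-progress UDP reflection attack), here is an added example of the kind of flow-record triage an operator would run before reaching for blanket UDP rate limits. It is not code from the original thread or from any of its posters; the flow records, the prefixes, the reflector port list and the bytes-per-packet threshold are all constructed assumptions.

```python
"""Triage constructed NetFlow-style records for UDP reflection/amplification.

Added example (not from the NANOG thread). Everything below is constructed:
flow records, "our" prefixes, the reflector port table and the threshold.
"""
import ipaddress
from collections import defaultdict

# UDP services commonly abused as reflectors; the port appears as the *source*
# port of the reflected response.  Illustrative, not exhaustive.
REFLECTOR_PORTS = {53: "dns", 19: "chargen", 123: "ntp", 1900: "ssdp", 161: "snmp"}
UDP = 17

# Address space this operator is responsible for (constructed, RFC 5737 ranges).
OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]


def ours(ip):
    """True if the address falls inside one of our own prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in p for p in OUR_PREFIXES)


def is_amplified_flow(flow, min_bytes_per_pkt=400):
    """Heuristic: UDP, sourced from a reflector service port, and large average
    packet size.  Ordinary DNS/NTP responses are small; amplified ones are not."""
    if flow["proto"] != UDP or flow["sport"] not in REFLECTOR_PORTS:
        return False
    return flow["bytes"] / max(flow["pkts"], 1) >= min_bytes_per_pkt


def summarize(flows, min_bytes_per_pkt=400):
    """Return (victims, reflectors).

    victims:    dst IP in our prefixes -> total amplified bytes + per-service split
                (the "what is being attacked and with what" view from NetFlow).
    reflectors: src IP in our prefixes sending amplified responses to external
                hosts -> set of distinct destinations (open recursors, misconfigured
                CPE, etc. that are being abused against other people's networks).
    """
    victims = defaultdict(lambda: {"bytes": 0, "services": defaultdict(int)})
    reflectors = defaultdict(set)
    for f in flows:
        if not is_amplified_flow(f, min_bytes_per_pkt):
            continue
        svc = REFLECTOR_PORTS[f["sport"]]
        if ours(f["dst"]):
            victims[f["dst"]]["bytes"] += f["bytes"]
            victims[f["dst"]]["services"][svc] += f["bytes"]
        if ours(f["src"]) and not ours(f["dst"]):
            reflectors[f["src"]].add(f["dst"])
    return dict(victims), dict(reflectors)


# Constructed sample flows (src, sport, dst, dport, proto, bytes, pkts).
SAMPLE_FLOWS = [
    # Amplified DNS responses converging on one customer host: attack traffic.
    dict(src="203.0.113.10", sport=53, dst="192.0.2.50", dport=4444, proto=UDP, bytes=3_000_000, pkts=2000),
    dict(src="203.0.113.11", sport=53, dst="192.0.2.50", dport=4444, proto=UDP, bytes=1_500_000, pkts=1000),
    # Chargen responses to the same victim.
    dict(src="203.0.113.20", sport=19, dst="192.0.2.50", dport=4444, proto=UDP, bytes=1_000_000, pkts=1000),
    # Ordinary DNS answers (small packets): must NOT be flagged.
    dict(src="203.0.113.30", sport=53, dst="192.0.2.77", dport=51234, proto=UDP, bytes=1200, pkts=10),
    # TCP web traffic: must NOT be flagged.
    dict(src="203.0.113.40", sport=443, dst="192.0.2.77", dport=51000, proto=6, bytes=500_000, pkts=400),
    # A host in OUR space emitting large DNS responses to many external hosts:
    # the signature of an open recursor being used against someone else.
    dict(src="198.51.100.5", sport=53, dst="203.0.113.90", dport=53, proto=UDP, bytes=900_000, pkts=600),
    dict(src="198.51.100.5", sport=53, dst="203.0.113.91", dport=53, proto=UDP, bytes=900_000, pkts=600),
    dict(src="198.51.100.5", sport=53, dst="203.0.113.92", dport=53, proto=UDP, bytes=900_000, pkts=600),
]


if __name__ == "__main__":
    victims, reflectors = summarize(SAMPLE_FLOWS)
    for dst, info in victims.items():
        split = ", ".join(f"{k}={v}" for k, v in info["services"].items())
        print(f"victim {dst}: {info['bytes']} amplified bytes ({split})")
    for src, dsts in reflectors.items():
        print(f"reflector on our network {src}: answered {len(dsts)} external hosts")
```

The point of separating the two views is that they call for different responses: the victim table is what you hand to upstreams or feed into S/RTBH or a mitigation center (it tells you which destination and which source ports matter, rather than "all IPv4 UDP"), while the reflector table is a list of your own misconfigured hosts to clean up, which removes your network as a contributor to other people's attacks. The bytes-per-packet threshold is deliberately crude; in real flow data you would also look at destination port concentration and at the number of distinct external destinations per source before drawing conclusions.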
