DDOS, IDS, RTBH, and Rate limiting
Roland Dobbins
rdobbins at arbor.net
Sun Nov 9 02:28:10 UTC 2014
On 9 Nov 2014, at 8:59, Frank Bulk wrote:
> I've written it before: if there was a software feature in routers where I
> could specify the maximum rate any prefix size (up to /32) could receive,
> that would be very helpful.
QoS generally isn't a suitable mechanism for DDoS mitigation, as the
programmatically-generated attack traffic ends up 'crowding out'
legitimate traffic.
S/RTBH, flowspec, and other methods tend to produce better results.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
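
An added example, not part of the original message: a small simulation of the argument in this thread. It models the per-prefix rate limit from the quoted request as a token-bucket policer and S/RTBH as a simplified source-based drop at the edge; the addresses, rates and function names are constructed for illustration.

```python
import random
from collections import Counter

LEGIT_SRC = "198.51.100.10"                              # constructed (RFC 5737)
ATTACK_SRCS = [f"203.0.113.{i}" for i in range(1, 201)]  # constructed (RFC 5737)

def make_traffic(seconds=10, legit_pps=100, attack_pps=9900, seed=1):
    """Constructed sample: packets (time, src, kind) sent to one victim /32."""
    rng = random.Random(seed)
    pkts = [(rng.uniform(0, seconds), LEGIT_SRC, "legit")
            for _ in range(seconds * legit_pps)]
    pkts += [(rng.uniform(0, seconds), rng.choice(ATTACK_SRCS), "attack")
             for _ in range(seconds * attack_pps)]
    return sorted(pkts)

def police(pkts, rate_pps=1000, burst=50):
    """Per-destination token-bucket policer: blind to who sent the packet."""
    tokens, last, delivered = float(burst), 0.0, Counter()
    for t, _src, kind in pkts:
        tokens = min(burst, tokens + (t - last) * rate_pps)  # refill since last packet
        last = t
        if tokens >= 1:
            tokens -= 1
            delivered[kind] += 1
    return delivered

def srtbh(pkts, blackholed_sources):
    """Simplified S/RTBH: the edge drops packets whose source is blackholed."""
    return [p for p in pkts if p[1] not in blackholed_sources]

def legit_delivery_ratio(delivered, offered_legit):
    """Share of the legitimate packets that reached the destination."""
    return delivered["legit"] / offered_legit

if __name__ == "__main__":
    pkts = make_traffic()
    offered = sum(1 for p in pkts if p[2] == "legit")
    limited = police(pkts)                               # rate limit only
    filtered = police(srtbh(pkts, set(ATTACK_SRCS)))     # source drop, then limit
    print("policer only:", dict(limited), legit_delivery_ratio(limited, offered))
    print("S/RTBH first:", dict(filtered), legit_delivery_ratio(filtered, offered))
```

The policer holds the destination to its configured rate, but legitimate packets are dropped in the same proportion as attack packets; once the identified sources are dropped upstream, the same policer passes all legitimate traffic.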