correlation between ingress and egress traffic in case of volume-based DDoS

Martin T m4rtntns at gmail.com
Wed Sep 23 16:07:09 UTC 2015


Hi,

volume-based DDoS attacks should often result in the following bandwidth graphs:

http://s12.postimg.org/gy3eps10t/volume_based_DDo_S_graph.png


This is a fabricated bps graph for a 100GigE port facing an uplink
provider. As seen on the image, outgoing traffic drops at the time
when incoming traffic increases. I could see the following reasons for
this:

1) a large portion of traffic uses the TCP protocol and in case of
congestion (even in one direction), ACK messages are lost and TCP
congestion avoidance kicks in and as a result it will reduce the cwnd,
which in effect reduces the data the TCP sender can send

2) certain router platforms share some hardware resources between Tx
and Rx traffic

Are those assumptions correct? Are there any other reasons which cause
outgoing traffic to drop if incoming traffic is very high or the other
way around?


thanks,
Martin
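
An added example, not part of the original message: one way to check per-interface counters for the pattern the post describes, an ingress spike with a simultaneous egress drop. The samples are constructed (not real measurements), and the function names and thresholds are assumptions chosen for illustration.

```python
from statistics import median

# Constructed per-minute samples for one 100GigE uplink port:
# (minute, ingress_gbps, egress_gbps). Not real measurements.
SAMPLES = [
    (0, 22.0, 41.0), (1, 23.5, 40.2), (2, 21.8, 42.1), (3, 22.9, 40.8),
    (4, 24.1, 41.5), (5, 61.0, 33.0), (6, 97.5, 18.4), (7, 99.1, 12.7),
    (8, 98.8, 13.9), (9, 70.2, 25.0), (10, 23.0, 39.9), (11, 22.4, 41.2),
]


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 if either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / (vx * vy) ** 0.5


def flag_inverse_intervals(samples, baseline_n=5, in_factor=2.0, out_factor=0.8):
    """Return the minutes where ingress is >= in_factor x baseline while
    egress is <= out_factor x baseline. The baseline is the median of the
    first baseline_n samples (assumed to be normal traffic)."""
    base_in = median(s[1] for s in samples[:baseline_n])
    base_out = median(s[2] for s in samples[:baseline_n])
    return [
        t for t, rx, tx in samples
        if rx >= in_factor * base_in and tx <= out_factor * base_out
    ]


if __name__ == "__main__":
    rx = [s[1] for s in SAMPLES]
    tx = [s[2] for s in SAMPLES]
    print("ingress/egress correlation:", round(pearson(rx, tx), 3))
    print("minutes with ingress spike + egress drop:",
          flag_inverse_intervals(SAMPLES))
```

A strongly negative coefficient shows that the two directions move inversely on this port; it does not by itself tell which of the causes listed in the message is responsible.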


