correlation between ingress and egress traffic in case of volume-based DDoS
Roland Dobbins
rdobbins at arbor.net
Wed Sep 23 16:33:10 UTC 2015
On 23 Sep 2015, at 23:07, Martin T wrote:

> Are there any other reasons which cause outgoing traffic to drop if
> incoming traffic is very high

Lots. It's very situationally-specific.

The attack traffic may not be crafted in such a way so as to elicit a
response from the targeted host(s).

The relevant network links/paths could be filled, with attack traffic
'crowding out' legitimate traffic.

The hosts could be pummeled with attack traffic and be so busy trying to
deal with it at either the NIC level or the network stack level or the
kernel level or the app/service level that they can't respond.

The relevant network infrastructure could be down due to the attack
traffic, for various reasons (software-based platform overloaded,
traffic punted to RP, etc.).

The hosts could be sitting behind a stateful firewall or load-balancer
or 'IPS' which has gone down under the onslaught.

And so forth.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>