RTBH and Flowspec Measurements - Stop guessing when the attack will over

• Previous message (by thread): RTBH and Flowspec Measurements - Stop guessing when the attack will over
• Next message (by thread): RTBH and Flowspec Measurements - Stop guessing when the attack will over
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 2, 2021, at 00:34, Douglas Fischer <fischerdouglas at gmail.com> wrote:

Or even know if already there is a solution to that and I'm trying to invent the wheel.

Many flow telemetry export implementations on routers/layer3 switches report both passed & dropped traffic on a continuous basis for DDoS detection/classification/traceback.

It's also possible to combine the detection/classification/traceback & flowspec trigger functions.

[Full disclosure: I work for a vendor of such systems.]


--------------------------------------------

Roland Dobbins <roland.dobbins at netscout.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210202/62a8e89a/attachment.html>

• Previous message (by thread): RTBH and Flowspec Measurements - Stop guessing when the attack will over
• Next message (by thread): RTBH and Flowspec Measurements - Stop guessing when the attack will over
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]