North American Network Operators Group
Re: Access to the Internic Blocked
> Curtis Villamizar <[email protected]> wrote:
>
> >We have traced back such "clever" denial of service attacks before.
> >Within the last 6 months even.
>
> >Have you forgotten that we log and keep track of source/destination
> >pairs.
>
> I sincerely wish you good luck doing that at OC-12. If you know
> a magic technology which can do that please let me know.
> Doing that at 10 kpps is not going to be a solution any time soon.

You're kidding, right? 10 kpps has been doable (and done) for years. Did you forget a zero or two? The vBNS folks are about to release an OC-3 header sniffer that runs on a Pentium box. Rumor has it that it'll handle OC-12 as well. There's a presentation of it on the USENIX agenda.

> I would also wish you luck with logging SA/DA pairs at places like
> .ICP.NET. where the source/destination matrix is about 1-2 million
> entries long.

1-2 million is not much. Even in the NSFNET days, I worked w/ 5-million-cell net matrices. All it takes is memory and some CPU.

> >It is really easy for us to spot an incoming path with a set
> >of sources that were never coming from that direction and start
> >working backwards.
>
> Yeah? Over six backbones?

To the edge of our backbone, absolutely. In someone else's backbone? Of course not.

> >Other respectable providers cooperate. Nearnet
> >for example flew out a person and workstation to track an attack
> >coming through them.
>
> Cool. Now, if such a bogon generator becomes something easily
> accessible to every newbie (as it is bound to become, sooner or
> later), that certainly will help.
>
> >We have Unix boxes deployed in every POP, even
> >with our new backbone. These watch over the FDDI rings.
>
> That certainly helps people who already have to use FDDI switches.

We're not sniffing a shared FDDI ring w/ these UNIX boxes. They get data from the routers. It doesn't matter what kind of media the packet traversed to hit the router (switched FDDI included).

Daniel
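The traceback approach argued over in this exchange (keep a source/destination matrix per POP, then spot sources arriving from a direction they never came from and work backwards) as an added Python example; it is not part of the original post, and the POP names, addresses and header records are constructed.

```python
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# A header record is (ingress_pop, src_ip, dst_ip). All records below are
# constructed for this example; real input would be router-exported headers.
Record = Tuple[str, str, str]

BASELINE: List[Record] = [
    ("pop-east", "192.0.2.10", "198.51.100.5"),
    ("pop-east", "192.0.2.77", "198.51.100.9"),
    ("pop-west", "203.0.113.4", "198.51.100.5"),
]

# Traffic during a suspected flood: 192.0.2.0/24 sources now arrive at
# pop-west, a direction they never came from in the baseline.
INCIDENT: List[Record] = [
    ("pop-west", "192.0.2.10", "198.51.100.5"),
    ("pop-west", "192.0.2.11", "198.51.100.5"),
    ("pop-west", "192.0.2.12", "198.51.100.5"),
    ("pop-west", "203.0.113.4", "198.51.100.5"),
    ("pop-east", "192.0.2.77", "198.51.100.9"),
]

def src_prefix(ip: str) -> str:
    # Aggregate sources to /24 so the matrix stays bounded in memory.
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def pair_matrix(records: Iterable[Record]) -> Counter:
    # The source/destination matrix itself: one cell per (src /24, dst) pair.
    return Counter((src_prefix(s), d) for _, s, d in records)

def direction_baseline(records: Iterable[Record]) -> Dict[str, Set[str]]:
    # Which ingress POPs each source prefix has historically arrived on.
    seen: Dict[str, Set[str]] = defaultdict(set)
    for pop, src, _ in records:
        seen[src_prefix(src)].add(pop)
    return seen

def unexpected_sources(baseline: Dict[str, Set[str]],
                       records: Iterable[Record]) -> Counter:
    # Flag (ingress_pop, src /24) pairs never seen from that direction.
    # Per-pair counts rank the heaviest new path to work backwards from.
    flagged: Counter = Counter()
    for pop, src, _ in records:
        prefix = src_prefix(src)
        if pop not in baseline.get(prefix, set()):
            flagged[(pop, prefix)] += 1
    return flagged
```

Running `unexpected_sources(direction_baseline(BASELINE), INCIDENT)` flags only the 192.0.2.0/24 traffic at pop-west; the legitimate pop-east and 203.0.113.0/24 records match their baseline direction and are left alone.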