North American Network Operators Group

Re: Yahoo offline because of attack (was: Yahoo network outage)
Anyone find it interesting that all the big name sites are getting hit except AOL? Makes you wonder....

Jim Williams
Ntrnet Systems, Inc.
President/CEO
Research Triangle Park, NC
[email protected]
(919)484-0504 fax(919)484-0782

On Thu, 10 Feb 2000, Christopher B. Zydel wrote:

>
> On Wed, Feb 09, 2000 at 03:51:45PM -0500, Travis Pugh wrote:
> > Host-by-host prevention, during an attack, should be very easy
> > ... assuming a minimal amount of cooperation between upstream provider and
> > compromised network, if link utilization is tracked and the spike is
> > noticeable. Perhaps we should be notifying operations staff to be on the
> > lookout for suddenly saturated circuits, and to be prepared to help out
> > owners of compromised hosts with filter configuration?
>
> This sort of alarming is fairly trivial. Just about any network management
> system can be configured to poll interface counters on a regular basis and
> alarm when some threshold is reached. The difficult question to answer is
> "How long should the link be saturated before sending an alarm". With high
> speed links this is a lot easier. It's relatively easy to saturate a T1
> with a file transfer, however the same would not be true for an OC-3c.
> This type of alarming should be based upon deviation from the established
> mean as well. (For example, if a circuit sees around 50mbit/sec worth of
> usage on a regular basis, and then spikes to 130mbit/sec and stays there,
> something is clearly wrong)
>
> /cbz
>
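The alarming approach described in the quoted message above (poll interface counters, compare against the established mean, and require the spike to persist), as an added example that is not part of the original thread. The function name, its parameters and the sample utilization values are assumptions constructed for illustration.

```python
from collections import deque
from statistics import mean, pstdev


def sustained_spike_alarms(samples_mbps, baseline_len=12, k=3.0, hold=3, min_sigma=1.0):
    """Return the poll indexes at which a sustained-deviation alarm fires.

    samples_mbps: link utilization per poll, e.g. derived from interface
                  octet counters read at a fixed interval.
    baseline_len: recent normal polls that form the established mean.
    k:            standard deviations above the mean that count as a spike.
    hold:         consecutive spiking polls required before alarming.
    min_sigma:    floor on the deviation so a flat baseline ignores noise.
    """
    baseline = deque(maxlen=baseline_len)
    run = 0
    alarms = []
    for i, rate in enumerate(samples_mbps):
        if len(baseline) < baseline_len:
            baseline.append(rate)  # still learning what normal looks like
            continue
        mu = mean(baseline)
        sigma = max(pstdev(baseline), min_sigma)
        if rate > mu + k * sigma:
            run += 1
            if run == hold:
                alarms.append(i)  # fire once per sustained event
            # Spiking polls are kept out of the baseline so that a long
            # flood does not get absorbed into the mean.
        else:
            run = 0
            baseline.append(rate)
    return alarms


# Constructed sample: a link that normally carries about 50 Mbit/s, one
# single-poll burst (index 13), then a spike to about 130 Mbit/s that stays.
SAMPLES = [48, 52, 50, 49, 51, 53, 47, 50, 52, 49, 51, 50,
           50, 120, 51, 49,
           130, 131, 129, 130, 130]

if __name__ == "__main__":
    print(sustained_spike_alarms(SAMPLES))          # sustained spike only
    print(sustained_spike_alarms(SAMPLES, hold=1))  # also flags the short burst
```

Here `hold` multiplied by the polling interval is the "how long" value the message asks about, so a link that a single file transfer can fill needs a larger `hold` than a faster one.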