North American Network Operators Group

Re: Effective ways to deal with DDoS attacks?

On Wed, 1 May 2002 [email protected] wrote:

> True DDoS attacks, fortunately, are rarer than most people believe. If they
> were not, the Internet as we know it would look a lot more like a telephone
> system in USSR-at-its-worst-days. For example, of the two recent DDoS's I
> have been on the receiving end of, the first was generating a little over
> 300mbit/sec (steady for a prolonged time), and the second went over that by a
> fair bit. In both cases, we had core equipment (M20's and BSN5000's) fall
> over and die trying to "work" the events. Additionally, our upstream peers

Your M20 tipped over?? What were you doing? We regularly stop large
(+100Mb->800Mb) attacks with less horsepower than this. Truthfully, a Cisco
is even capable of filtering (done right) at +200kpps...

> also had core equipment fall over, and we all came to the [now obvious]
> conclusion that the only way to stop these attacks was to completely null
> route ourselves at our upstreams (they tried filter-fishing for specific data
> which may have helped our investigation, but when their routers started
> wheezing, we gave them the OK to just send us straight into the bit bucket
> till it was over...
>

Hmm, this highlights the need to learn how to use the equipment, learn its
boundaries and learn defenses inside these boundaries...

-Chris