North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Effective ways to deal with DDoS attacks?

  • From: Hank Nussbacher
  • Date: Thu May 02 04:20:36 2002 
At 04:16 AM 02-05-02 +0000, Christopher L. Morrow wrote:


What we use and we're a 'largeish' network:

http://www.secsup.org/Tracking/
(shameless plug #1)

Among other things this is a tool we use... there was a great set of
slides and presentation given at NANOG23:

http://www.nanog.org/mtg-0110/greene.html
(shameless plug #2)

Shameless plug #3 from RIPE41:
http://www.ripe.net/ripe/meetings/archive/ripe-41/tutorials/eof-ddos.pdf
155 slides - 2.3M

-Hank
Consultant
Riverhead Networks (formerly Wanwall Networks)
www.riverhead.com




There is also a set of papers Barry Greene from Cisco has available on the
Cisco website... I'm positive he'll respond to this with the link, if he
doesn't search the NANOG mailing list archive for the link it should be
obvious in posts from Barry.

If you want more pointers I'd be glad to chat on the phone with you,
numbers included below.


--Chris
([email protected])
#######################################################
## UUNET Technologies, Inc.                          ##
## Manager                                           ##
## Customer Router Security Engineering Team         ##
## (W)703-886-3823 (C)703-338-7319                   ##
#######################################################

On Wed, 1 May 2002, Pete Kruckenberg wrote:

>
> There's been plenty of discussion about DDoS attacks, and my
> IDS system is darn good at identifying them. But what are
> effective methods for large service-provider networks (ie
> ones where a firewall at the front would not be possible) to
> deal with DDoS attacks?
>
> Current method of updating ACLs with the source and/or
> destination are slow and error-prone and hard to maintain
> (especially when the target of the attack is a site that
> users would like to access).
>
> A rather extensive survey of DDoS papers has not resulted in
> much on this topic.
>
> What processes and/or tools are large networks using to
> identify and limit the impact of DDoS attacks?
>
> Thanks.
> Pete.
>
>