North American Network Operators Group

Re: Effective ways to deal with DDoS attacks?
On Thu, 2 May 2002, Iljitsch van Beijnum wrote:

>
> On Wed, 1 May 2002, Pete Kruckenberg wrote:
>
> > There's been plenty of discussion about DDoS attacks, and my
> > IDS system is darn good at identifying them. But what are
> > effective methods for large service-provider networks (ie
> > ones where a firewall at the front would not be possible) to
> > deal with DDoS attacks?
>
> I'm working on something that should provide a solution to this for at
> least some subset of all attacks.
>
> Basically, it works like this: when you identify the target of the attack,
> you have traffic for those target addresses rerouted to a "filter box".
> This filter box then contains source address based filters to get rid of
> the attacking traffic.
>
> The idea is that a service provider could install one or more of those
> filter boxes (standard routers or multilayer switches) and have customers
> use standard BGP mechanisms to get the filter boxes to clean up the
> traffic. This should work as long as the number of source addresses is
> relatively limited, say below 20,000.
>

Congrats on re-inventing the wheel :( This is what
mazuu/arbor/wanwall(riverhead now?) all do... this is also the way
CenterTrack(tm robert stone) was kind of supposed to work. As near as I
can tell this doesn't scale too well in a large network. This is a shame,
but it's a reality.

Additionally 20k sources max? That's not nearly enough, how many addresses
are in 0/0? You should at least plan for this contingency...
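
The filter-table limit discussed in this message, as an added example that is not part of the original thread: when the observed attack sources exceed what a filter box can hold, the source filters have to be aggregated into shorter prefixes, and every aggregation step also drops addresses that never attacked. The function name, the table sizes and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress


def aggregate_sources(sources, max_entries):
    """Fit source-address filters into a table of max_entries rows.

    Shortens the prefix length uniformly until the number of distinct
    prefixes fits. Returns (prefixes, prefix_len, collateral), where
    collateral is the count of filtered addresses that were never
    observed as attack sources.
    """
    addrs = {int(ipaddress.IPv4Address(s)) for s in sources}
    for plen in range(32, -1, -1):
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        nets = {a & mask for a in addrs}
        if len(nets) <= max_entries:
            prefixes = sorted(ipaddress.IPv4Network((n, plen)) for n in nets)
            covered = len(nets) * 2 ** (32 - plen)
            return prefixes, plen, covered - len(addrs)
    raise ValueError("max_entries must be at least 1")


def is_filtered(prefixes, src):
    """True if the filter box would drop a packet from src."""
    ip = ipaddress.IPv4Address(src)
    return any(ip in net for net in prefixes)


# Constructed sample: 128 sources in one /24 plus one unrelated source.
SAMPLE_SOURCES = ["198.51.100.%d" % i for i in range(0, 256, 2)]
SAMPLE_SOURCES.append("203.0.113.7")

if __name__ == "__main__":
    for table_size in (200, 4, 1):
        prefixes, plen, collateral = aggregate_sources(SAMPLE_SOURCES, table_size)
        print("table=%d -> %d filters at /%d, %d innocent addresses dropped"
              % (table_size, len(prefixes), plen, collateral))
```

With a table of one entry the two source clusters only share a /4, which is the 0/0 contingency in miniature: the filter still "works", but it drops most of the address space along with the attack.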