RE: Arbor Networks DoS defense product

• From: Cheung, Rick
• Date: Wed May 15 10:01:08 2002

        Is it common practice to place your own equipment at the ISP? My thought is that if we are able to have our own routers at the ISP, we'd be in a better position to mitigate the effects of a DDOS. As long as the stream of traffic does not adversely affect our routers from performing properly at the ISP, we can then mitigate the effects through access-lists, QOS, etc. That is if the attack is not too distributed, where the source IPs with the highest amount of syn traffic for example can be easily identified.

Rick Cheung
NPI IT Wan Team, CCNP

-----Original Message-----
From: Pete Kruckenberg [mailto:[email protected]]
Sent: Wednesday, May 15, 2002 2:15 AM
To: [email protected]
Subject: Re: Arbor Networks DoS defense product

On Wed, 15 May 2002, Rubens Kuhl Jr. wrote:

> If and when
> (a) customers don't get exemption for attack traffic
> (b) the DoS traffic occurs more than 5% (or 1 - your percentile level) of
> the month per customer circuit
> (c) the DoS increases bytes transferred like large ICMP packet flood; this
> is not the case for all DoS traffic, which can be a bunch of small packets
> that actually decreases traffic

These might apply to noticeable DoS attacks that occur as
specific events. But how much (D)DoS traffic goes unnoticed
by the average customer because it's too tough to detect or
defend against? The 10% I've measured on my network is
primarily reflected DDoS (reflected off my customers, to
off-net targets), which is not trivial to detect or defend
against.

Pete.

• Prev by Date: Re: Arbor Networks DoS defense product
• Next by Date: Re: Arbor Networks DoS defense product
• Date Index
• Thread Index
• Author Index
• Historical