|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Identifying DoS-attacked IP address(es)
FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates a model using the cross-product of: 1) source/destination address distributions 2) packet rate 3) protocol This works very well to detect floods and does not require messing with routers.. Livio. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Neil J. McRae Sent: Monday, December 16, 2002 9:38 AM To: Andre Chapuis Cc: Christopher L. Morrow; [email protected] Subject: Re: Identifying DoS-attacked IP address(es) Sampled netflow, or look at the traceback stuff in later IOS 12.0S versions. Avoid filter lists as the GSR engine cards have a statically limited number of entries. Regards, Neil.
|