North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Identifying DoS-attacked IP address(es)
On Mon, 16 Dec 2002, Livio Ricciulli wrote: > FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates > a model using the cross-product of: > 1) source/destination address distributions > 2) packet rate > 3) protocol But I can't field deploy this 2 continents away at 4am with 10 mins notice... > > This works very well to detect floods and does not require messing with > routers.. > > Livio. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Neil J. McRae > Sent: Monday, December 16, 2002 9:38 AM > To: Andre Chapuis > Cc: Christopher L. Morrow; [email protected] > Subject: Re: Identifying DoS-attacked IP address(es) > > > Sampled netflow, or look at the traceback stuff in later > IOS 12.0S versions. Avoid filter lists as the GSR engine cards > have a statically limited number of entries. > > Regards, > Neil. >
|