North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Identifying DoS-attacked IP address(es)
On Mon, 16 Dec 2002 21:17:07 GMT, "Christopher L. Morrow" said: > On Mon, 16 Dec 2002, Livio Ricciulli wrote: >> FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates >> a model using the cross-product of: >> 1) source/destination address distributions >> 2) packet rate >> 3) protocol > But I can't field deploy this 2 continents away at 4am with 10 mins > notice... But that's OK, since you deployed it in last week's maintenance window, to comply with the upper management requirement that they be given advance notice of all unscheduled outages. ;) But seriously - if you had a HandWave 2100 already installed 2 continents away, would interrogating/tweaking/etc the model at 4AM with 10 minutes notice be feasible? (And yes, I know Chris probably has some tools in place before the fact - the question is how many of the REST of you do?) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech Attachment:
pgp00009.pgp
|