North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Identifying DoS-attacked IP address(es)

  • From: Livio Ricciulli
  • Date: Mon Dec 16 18:34:02 2002

At 09:17 PM 12/16/2002 +0000, Christopher L. Morrow wrote:

On Mon, 16 Dec 2002, Livio Ricciulli wrote:

> FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates
> a model using the cross-product of:
> 1) source/destination address distributions
> 2) packet rate
> 3) protocol

But I can't field deploy this 2 continents away at 4am with 10 mins

Yes, there needs to be some up-front investment to proactively deploy these
boxes/taps in strategic places. I did some analysis and the numbers are doable even
for the largest networks.

But then we get into philosophy; I have a lot of screwdrivers at home laying around but
I would much rather invest in chisels rather than keep trying carving wood with flathead
screwdrivers (but that's just me..)