North American Network Operators Group


RE: Identifying DoS-attacked IP address(es)

  • From: Livio Ricciulli
  • Date: Mon Dec 16 18:34:02 2002

At 09:17 PM 12/16/2002 +0000, Christopher L. Morrow wrote:

On Mon, 16 Dec 2002, Livio Ricciulli wrote:

> FYI, we developed a system that sniffs FE, GE, DS3, OC3-48 POS and creates
> a model using the cross-product of:
> 1) source/destination address distributions
> 2) packet rate
> 3) protocol

But I can't field deploy this 2 continents away at 4am with 10 mins
notice...


Yes, there needs to be some up-front investment to proactively deploy these
boxes/taps in strategic places. I did some analysis and the numbers are doable even
for the largest networks.

But then we get into philosophy; I have a lot of screwdrivers at home lying around but
I would much rather invest in chisels rather than keep trying to carve wood with flathead
screwdrivers (but that's just me..)

Livio.