North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: Identifying DoS-attacked IP address(es)
At 09:17 PM 12/16/2002 +0000, Christopher L. Morrow wrote:
On Mon, 16 Dec 2002, Livio Ricciulli wrote: > FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates > a model using the cross-product of: > 1) source/destination address distributions > 2) packet rate > 3) protocol But I can't field deploy this 2 continents away at 4am with 10 mins notice...
Yes, there needs to be some up-front investment to proactively deploy these
boxes/taps in strategic places. I did some analysis and the numbers are doable even
for the largest networks.
But then we get into philosophy; I have a lot of screwdrivers at home laying around but
I would much rather invest in chisels rather than keep trying carving wood with flathead
screwdrivers (but that's just me..)