North American Network Operators Group
Re: DDoS detection and mitigation systems
On Mon, 3 Nov 2003, Alex Yuriev wrote:

>
> > Do you use/develop in-house tools to analyze Netflow on your peering routers
> > and have that interface in near-realtime with the said routers to null route
> > (BGP and RPF) the offending sources?
>
> Source or destination? Null routing source of DOS is not going to do you any
> good. Null routing destination, especially automatically null routing

unless you aren't concerned about pipe-usage and you run uRPF on that pipe...

> destination, creates a large possibility of shooting yourself in a foot.
>

yes, auto-actions for security, especially DoS-type things, tend to shoot feet often :( Think Victoria's Secret Fashion Show, or Cisco IOS upgrade for all platforms released under lots of press coverage (like the protocols problem earlier this year)

-Chris