North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: looking for pull traffic
On Thu, 13 Nov 2003, Richard A Steenbergen wrote: > The traffic is too short and bursty to be of any benefit, even when you > can successfully filter it so that no other operations are impacted. I think that would be the biggest trick in order to even ratios - keep other services unaffected. I think most DOS traffic is hard to wrangle. > I also stand by my opinion that DoS does not happen without a reason. I happen to agree with that %100. Most of the times I get DOS on my network its either: 1. IRC 2. The EFF #2 doesn't happen that often, but when it does, its sortof entertaining to figure out where/what/why. Most people love the EFF, and are happy to help sort out problems :) #1 happens more often, but I generally tend to keep a good lot of direct customers, and the people targeted are customers of customers. > Those kinds of targets are generally not only engaged in some activity > which invites attack (such as running an IRC server), they are actively > encouraging it by their behavior, and probably should be booted anyways > for other reasons that you just don't know about yet. I've seen a few ISP's who run IRC servers reserve IP blocks for them, and only announce said blocks to peers. Seems like a good way to cut down on the number of people to contact when you have DOS aimed at it. > The only benefit to having a hefty outbound ratio is that you have plenty > of headroom to work with when attacks do come in. Unless you happen to > notice that a large amount of the traffic is coming from certain Asian > Pacific networks, and intentionally peer with them to setup choke points. > :) Good point. I'd be curious to see in terms of percentages, which networks source the most DOS and then keep them on INOC-DBA SpeedDial. I had in fact suggested to a certain Asian Pacific network that we should peer so that when someone on their network did launch a DOS against one of my customers, it would only cause problems there :) Whats next, DOS-NAP?
|