handling ddos attacks

• From: Mark Kent
• Date: Thu May 20 14:54:42 2004

I've been trying to find out what the current BCP is for handling ddos
attacks.  Mostly what I find is material about how to be a good
net.citizen (we already are), how to tune a kernel to better withstand
a syn flood, router stuff you can do to protect hosts behind it, how
to track the attack back to the source, how to determine the nature of
the traffic, etc.

But I don't care about most of that.  I care that a gazillion
pps are crushing our border routers (7206/npe-g1).

Other than getting bigger routers, is it still the case that the best
we can do is identify the target IP (with netflow, for example) and
have upstreams blackhole it?

Thanks,
-mark

• Follow-Ups:
  • Re: handling ddos attacks Paul Vixie
  • Re: handling ddos attacks Danny McPherson
  • Re: handling ddos attacks Steve Gibbard
  • Re: [NANOG-LIST] handling ddos attacks Brent Van Dussen
  • Re: handling ddos attacks Rachael Treu-Gomes
  • Re: handling ddos attacks Matt Buford
  • Re: handling ddos attacks Jared Mauch
  • Re: handling ddos attacks Wayne E. Bouchard

• Prev by Date: Re: OT: Avi Freeman at the WSOP
• Next by Date: Re: handling ddos attacks
• Date Index
• Thread Index
• Author Index
• Historical