|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: handling ddos attacks
A paper based on a presentation I did at the PAIX peering forum in December is here: http://www.stevegibbard.com/ddos-talk.htm I should probably update it a bit, but that may not happen any time soon. Slides from another presentation at the same conference are here: http://www.prostructure.com/content/research/presentations/ddos_intro/ -Steve On Thu, 20 May 2004, Mark Kent wrote: > > I've been trying to find out what the current BCP is for handling ddos > attacks. Mostly what I find is material about how to be a good > net.citizen (we already are), how to tune a kernel to better withstand > a syn flood, router stuff you can do to protect hosts behind it, how > to track the attack back to the source, how to determine the nature of > the traffic, etc. > > But I don't care about most of that. I care that a gazillion > pps are crushing our border routers (7206/npe-g1). > > Other than getting bigger routers, is it still the case that the best > we can do is identify the target IP (with netflow, for example) and > have upstreams blackhole it? > > Thanks, > -mark >
|