North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: handling ddos attacks
[email protected] (Mark Kent) writes: > I've been trying to find out what the current BCP is for handling ddos > attacks. Mostly what I find is material about ... But I don't care > about most of that. I care that a gazillion pps are crushing our border > routers (7206/npe-g1). > > Other than getting bigger routers, is it still the case that the best > we can do is identify the target IP (with netflow, for example) and > have upstreams blackhole it? that seems hardly worthwhile. ddos is astonishingly easier to launch than to defend against. if you stop a flow the attacker *might* get bored and decide to do something else, but they could also decide to attack you from a different direction, or wait two days and do it all over again, and every time they attack and you defend it's 10 minutes of their time and 10 hours of yours. far better to involve law enforcement and get some bad guys arrested, if you possibly can. this changes your costs from 10 hours to 15 hours but it actually puts some chips on the table and makes the game worthwhile. -- Paul Vixie
|