North American Network Operators Group


Re: handling ddos attacks

  • From: P.Schroebel
  • Date: Thu May 20 22:08:52 2004

----- Original Message ----- 
From: "Paul Vixie" <[email protected]>
To: <[email protected]>
Sent: Thursday, May 20, 2004 9:48 PM
Subject: Re: handling ddos attacks


>
> [email protected] (Mark Kent) writes:
>
> > I've been trying to find out what the current BCP is for handling ddos
> > attacks.  Mostly what I find is material about ...  But I don't care
> > about most of that.  I care that a gazillion pps are crushing our border
> > routers (7206/npe-g1).
> >
> > Other than getting bigger routers, is it still the case that the best
> > we can do is identify the target IP (with netflow, for example) and
> > have upstreams blackhole it?
>
> that seems hardly worthwhile.  ddos is astonishingly easier to launch than
> to defend against.  if you stop a flow the attacker *might* get bored and
> decide to do something else, but they could also decide to attack you from
> a different direction, or wait two days and do it all over again, and every
> time they attack and you defend it's 10 minutes of their time and 10 hours
> of yours.
>
> far better to involve law enforcement and get some bad guys arrested, if
> you possibly can.  this changes your costs from 10 hours to 15 hours but it
> actually puts some chips on the table and makes the game worthwhile.
> -- 
> Paul Vixie

Hey Paul!

Ok, I'll buy that right now; we have a DDoS Attack on our core nameservers
from 66.165.10.24. Where do we start? Do I call the police in Bellingham or
Washington State Police? We have blocked their IPs, but we know they will
come in another way.

Peter

OrgName:    Western Washington University
OrgID:      WWU
Address:    Computer Center
Address:     516 High Street
City:       Bellingham
StateProv:  WA
PostalCode: 98225
Country:    US

NetRange:   66.165.0.0 - 66.165.31.255
CIDR:       66.165.0.0/19
NetName:    WWU-RESIDENT-1
NetHandle:  NET-66-165-0-0-2
Parent:     NET-66-165-0-0-1
NetType:    Reassigned
NameServer: VIKING.WWU.EDU
NameServer: HENSON.CC.WWU.EDU
Comment:
RegDate:    2002-08-15
Updated:    2002-08-15

TechHandle: JSW12-ARIN
TechName:   Williams, J. Scott
TechPhone:  +1-360-650-2868
TechEmail:  [email protected]