North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Mitigating HTTP DDoS attacks?

  • From: Roland Dobbins
  • Date: Mon Mar 24 18:40:08 2008
  • Authentication-results: hkg-dkim-2; [email protected]; dkim=pass ( sig from cisco.com/hkgdkim2001 verified; );
  • Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=747; t=1206397102; x=1207261102; c=relaxed/simple; s=hkgdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; [email protected]; z=From:=20Roland=20Dobbins=20<[email protected]> |Subject:=20Re=3A=20Mitigating=20HTTP=20DDoS=20attacks? |Sender:=20; bh=qWCtId7E3SN5j+gbDOxbjgoFWM3zZaUrce83WvZpysM=; b=bRrhlzq/t5yPj4pMrl2n86QG1IQMxM8hNCiAaqgVb6IYw1zsYAMLc45b9b eWekKw3wfHp4uYdgL3tafd9H6K/l33yMWlgLY6W6Da1HERle7qhxdYEiFZ/p JDg9U1wK2DcPscnPBSxX3tQtrIA03CziOkcJTyQ0tM1+isMimPYJw=;


On Mar 25, 2008, at 5:02 AM, Mike Lyon wrote:

Any input would be greatly appreciated.


There are devices available today from different vendors (including Cisco, full disclosure) which are intelligent DDoS-'scrubbers' and which can deal with more sophisticated types of attacks at layer-7, including HTTP and DNS. S/RTBH is also an option, keeping in mind some of the caveats you mentioned (staying mindful of attacking hosts behind proxies, botted hosts of legit customers, et. al.).

-----------------------------------------------------------------------
Roland Dobbins <[email protected]> // +66.83.266.6344 mobile

It doesn't pay to dispute what you know to be true.

-- Fred Reed