[103274] in North American Network Operators' Group

Re: Mitigating HTTP DDoS attacks?

daemon@ATHENA.MIT.EDU (Roger Marquis)
Mon Mar 24 21:59:42 2008

Date: Mon, 24 Mar 2008 18:58:03 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: nanog@merit.edu
In-Reply-To: <20080325011143.5046B4DF42@trapdoor.merit.edu>
Errors-To: owner-nanog@merit.edu


Mike Lyon wrote:
> So, I'm kind of new to this so please deal with my ignorance. But,
> what is common practice these days for HTTP DDoS mitigation during an
> attack? You can of course route every offending IP address to null0 at
> your border. But, if it's a botnet or trojan or something, it's coming
> from numerous different source IPs and Null0 routes can get very
> cumbersome, obviously. How do you folk usually deal with this?

Depends a lot on the size of the network.  If it's more than a few colos I
highly recommend Arbor Peakflow (http://www.arbornetworks.com/).  Not cheap
but it works and scales well.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
