[123811] in North American Network Operators' Group
Re: OBESEUS - A new type of DDOS protector
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Tue Mar 16 09:37:03 2010
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Tue, 16 Mar 2010 13:35:43 +0000
In-Reply-To: <BLU0-SMTP39B891C3821EF73240BA67C82D0@phx.gbl>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 16, 2010, at 11:30 AM, Guillaume FORTAINE wrote:
> What do you think about Obeseus ?
Flow telemetry has demonstrated its extraordinary utility to network operat=
ors worldwide over the last decade, and continued advances such as Cisco's =
Flexible NetFlow and the IETF IPFIX/PSAMP effort signify that this is the b=
road consensus of the operational community. =20
Scalability in terms of logically centralized detection/classification/trac=
eback and minimizing the insertion of additional hardware devices into the =
network should be core design principles of any operationally viable soluti=
on in this space.
Volume is only one input into an operationally-viable detection/classificat=
ion system. =20
Traceback is also very important from an operational perspective.
ASIC-based edge routers do an excellent job of mitigating simple high-pps p=
acket-flooding attacks via D/RTBH, S/RTBH and flowspec - again, the utility=
of these techniques has been validated by the operational community.
Layer-7 attacks against various types of services/apps can achieve signific=
ant amplification effects and disproportionate impact, are increasing in fr=
equency and impact, and therefore must be addressed by any operationally vi=
able solution in this space.
I believe that an effective and operationally useful open-source solution f=
or basic DDoS detection/classification/traceback/mitigation can be implemen=
ted using existing widely-used and -understood tools/techniques as describe=
d here:
<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
