[167585] in North American Network Operators' Group
Re: ddos attacks
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Dec 19 16:24:26 2013
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "nanog@nanog.org list" <nanog@nanog.org>
Date: Thu, 19 Dec 2013 21:23:59 +0000
In-Reply-To: <CAD6AjGSbQZchc5mNi8gawrhd15YVFJVu87ABM_FpM-RN9iA4aw@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 19, 2013, at 6:12 AM, cb.list6 <cb.list6@gmail.com> wrote:
> I am strongly considering having my upstreams simply rate limit ipv4 UDP.

QoS is a very poor mechanism for remediating DDoS attacks. It ensures that programmatically-generated attack traffic will 'squeeze out' legitimate traffic.

> During an attack, 100% of the attack traffic is ipv4 udp (dns, chargen, whatever).

Have you checked to see whether you and/or your customers have open DNS recursors, misconfigured CPE devices, etc. which can be used as reflectors/amplifiers on your respective networks?

Have you implemented NetFlow and S/RTBH? Considered building a mitigation center?

<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>

Do you work with your peers/upstreams/downstreams to mitigate DDoS attacks when they ingress your network?

There are lots of things one can do to increase one's ability to detect, classify, traceback, and mitigate DDoS attacks, yet which aren't CAPEX-intensive.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
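As an added illustration of the two points made in this exchange (not code from the thread or from any poster): a small NetFlow-style analysis over constructed flow records that measures the UDP share toward a hypothetical victim, lists heavy UDP sources from amplification service ports as candidates for source-based blackholing (S/RTBH), and shows how a blanket UDP policer passes legitimate UDP only in proportion to policer/offered volume. All addresses, ports and byte counts are made up.

```python
from collections import Counter
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int


AMP_PORTS = {53, 19, 123, 161, 1900}  # DNS, chargen, NTP, SNMP, SSDP

# Constructed NetFlow-style records (not real captures). 203.0.113.10 is the
# hypothetical victim; the first three flows imitate reflected DNS/chargen replies.
FLOWS = [
    Flow("198.51.100.7", 53, "203.0.113.10", 4021, "udp", 3_000_000),
    Flow("198.51.100.9", 53, "203.0.113.10", 4022, "udp", 2_500_000),
    Flow("198.51.100.12", 19, "203.0.113.10", 4023, "udp", 1_500_000),
    Flow("192.0.2.5", 53, "203.0.113.10", 51001, "udp", 4_000),    # ordinary DNS reply
    Flow("192.0.2.8", 44321, "203.0.113.10", 443, "udp", 60_000),  # ordinary UDP session
    Flow("192.0.2.9", 50123, "203.0.113.10", 443, "tcp", 900_000),
    Flow("192.0.2.9", 50124, "203.0.113.11", 80, "tcp", 40_000),
]


def udp_share(flows, victim):
    """Fraction of bytes destined to victim that are UDP (1.0 means 'all UDP')."""
    to_victim = [f for f in flows if f.dst == victim]
    total = sum(f.nbytes for f in to_victim)
    udp = sum(f.nbytes for f in to_victim if f.proto == "udp")
    return udp / total if total else 0.0


def reflector_candidates(flows, victim, min_bytes=1_000_000):
    """Sources sending at least min_bytes of UDP from amplification service ports
    toward victim. These are S/RTBH candidates (drop by source at the edge) to be
    verified by an operator, as opposed to policing all UDP indiscriminately."""
    per_src = Counter()
    for f in flows:
        if f.dst == victim and f.proto == "udp" and f.sport in AMP_PORTS:
            per_src[f.src] += f.nbytes
    return sorted(src for src, b in per_src.items() if b >= min_bytes)


def legit_udp_survival(flows, victim, policer_bytes):
    """Share of legitimate UDP bytes that a blanket UDP policer lets through.
    A policer cannot tell attack from legitimate packets, so every UDP byte
    survives with probability policer/offered; legitimate traffic is squeezed
    in exactly that proportion."""
    offered = sum(f.nbytes for f in flows if f.dst == victim and f.proto == "udp")
    return 1.0 if offered <= policer_bytes else policer_bytes / offered
```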