[175939] in North American Network Operators' Group


Re: DDOS, IDS, RTBH, and Rate limiting

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Sat Nov 8 21:29:40 2014

X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: NANOG <nanog@nanog.org>
Date: Sun, 09 Nov 2014 09:28:10 +0700
In-Reply-To: <001201cffbc0$d6730af0$835920d0$@iname.com>
Errors-To: nanog-bounces@nanog.org


On 9 Nov 2014, at 8:59, Frank Bulk wrote:

> I've written it before: if there was a software feature in routers where I
> could specify the maximum rate any prefix size (up to /32) could receive,
> that would be very helpful.

QoS generally isn't a suitable mechanism for DDoS mitigation, as the 
programmatically-generated attack traffic ends up 'crowding out' 
legitimate traffic.

S/RTBH, flowspec, and other methods tend to produce better results.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
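Added illustration of the crowding-out effect the reply describes (not code from the thread or from any vendor): a toy per-prefix policer versus source-based (S/RTBH) and signature-based (flowspec-style) dropping, run over a constructed second of traffic. Addresses, the 220 pps cap, the 10:1 attack-to-legitimate ratio and the attack signature (UDP/123) are all assumptions made for the demonstration, as is the assumption that the attacking sources are already known from flow telemetry.

```python
"""Toy model: destination-prefix rate limiting versus S/RTBH and flowspec.
All traffic below is constructed; nothing here is a real capture."""
from collections import Counter

VICTIM = "192.0.2.10/32"                                   # constructed victim
LEGIT_SRCS = [f"198.51.100.{i}" for i in range(1, 11)]     # constructed clients
ATTACK_SRCS = [f"203.0.113.{i}" for i in range(1, 51)]     # constructed attackers

def build_traffic(attack_per_legit=10, legit_pkts=100):
    """One second of arrivals toward VICTIM: flood interleaved 10:1 with legit."""
    pkts = []
    for i in range(legit_pkts):
        for j in range(attack_per_legit):
            src = ATTACK_SRCS[(i * attack_per_legit + j) % len(ATTACK_SRCS)]
            pkts.append({"src": src, "dst": VICTIM, "proto": "udp",
                         "dport": 123, "legit": False})
        pkts.append({"src": LEGIT_SRCS[i % len(LEGIT_SRCS)], "dst": VICTIM,
                     "proto": "tcp", "dport": 443, "legit": True})
    return pkts

def police_per_prefix(pkts, cap_pps):
    """The feature asked for in the thread: first cap_pps packets per second
    toward a prefix pass, the rest are dropped, regardless of sender."""
    seen, passed = Counter(), []
    for p in pkts:
        seen[p["dst"]] += 1
        if seen[p["dst"]] <= cap_pps:
            passed.append(p)
    return passed

def srtbh(pkts, blackholed_srcs):
    """S/RTBH: drop by source address (uRPF check against a blackhole route)."""
    return [p for p in pkts if p["src"] not in blackholed_srcs]

def flowspec(pkts, proto, dport):
    """Flowspec-style rule: drop packets matching the attack's protocol/port."""
    return [p for p in pkts if not (p["proto"] == proto and p["dport"] == dport)]

def legit_delivered(passed, total_legit):
    """Fraction of legitimate packets that survived the mitigation."""
    return sum(p["legit"] for p in passed) / total_legit

def compare():
    pkts = build_traffic()
    total_legit = sum(p["legit"] for p in pkts)
    return {
        "policer_220pps": legit_delivered(police_per_prefix(pkts, 220), total_legit),
        "srtbh": legit_delivered(srtbh(pkts, set(ATTACK_SRCS)), total_legit),
        "flowspec_udp123": legit_delivered(flowspec(pkts, "udp", 123), total_legit),
    }

if __name__ == "__main__":
    for name, frac in compare().items():
        print(f"{name}: {frac:.0%} of legitimate packets delivered")
```

With the policer, legitimate traffic survives only in proportion to cap divided by offered load (220 of 1100 packets, so 20%), because the flood consumes the same budget; the source- and signature-based drops leave it untouched.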
