[189001] in North American Network Operators' Group
Re: BGP FlowSpec
daemon@ATHENA.MIT.EDU (Martin Bacher)
Fri Apr 29 05:02:44 2016
X-Original-To: nanog@nanog.org
From: Martin Bacher <ti14m028@technikum-wien.at>
In-Reply-To: <CAJEFqDep_sPATKCYph6_SFRM9VWmk+TfP0zV2u=Q6FKO+ddsTw@mail.gmail.com>
Date: Fri, 29 Apr 2016 11:02:35 +0200
To: Tyler Haske <tyler.haske@gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Hello Tyler,
thanks for your reply.
> On 28.04.2016 at 17:37, Tyler Haske <tyler.haske@gmail.com> wrote:
>
> Martin,
>
>
> > Last but not least: I am also looking for anonymized statistical data about DDoS attacks which I could use in the thesis. I am mainly interested in data about the
> > type of attacks, attack time, sources, source and destination ports, and so on. I know this is something which is generally not shared, so I would really appreciate it if
> > someone would be able to share such data.
>
> Many companies are extremely reluctant to share their attack data. But that's OK, because there are other ways to get it.
>
> Have you investigated backscatter analysis? It's used to see ongoing and current Internet scope DDoS attacks.
I just had a look at that and thought that it is only able to detect some of the attacks. You might not detect large state-of-the-art reflection and amplification attacks with that method. But I think it is useful for some sorts of attacks like SYN flood. Do you agree?
>
> Inferring Internet Denial of Service Activity
> https://cseweb.ucsd.edu/~savage/papers/UsenixSec01.pdf
>
> Analyzing Large DDoS Attacks Using Multiple Data Sources
> https://www.cs.utah.edu/~kobus/docs/ddos.lsad.pdf
>
> ISP Security - Real World Techniques
> https://www.nanog.org/meetings/nanog23/presentations/greene.ppt
>
> A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment
> https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212
>
> Maybe you have access to some public IPs, then you can do this data collection yourself.
Sure, I will definitely think about that.
Thanks again for your reply and for providing the links.
Greetings,
Martin
>
> Regards,
>
> Tyler
>