[27076] in North American Network Operators' Group


Congestion or regression testing DDoS

daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Feb 9 01:33:36 2000

Date: 8 Feb 2000 22:30:40 -0800
Message-ID: <20000209063040.16135.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: nanog@merit.edu
From: Sean Donelan <sean@donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu


After finding out more about the current round of denial of service
attacks, I think I have an answer for several of the periods of
congestion different providers experienced during the last couple
of weeks of January.

In January there were several reports of unusually large amounts of
traffic.  This caused congestion problems at several different places,
but no provider or company made any public reports.  With 20/20 hindsight
it appears someone was testing how well their DDoS tool worked on
less noticeable sites.  The engineers I spoke with indicated they saw
heavy congestion on certain links for a few hours, but it would stop of
its own accord.  Later, they would see the same congestion, and again
it would stop.

If you think of it as "congestion" instead of a DoS, are there any tools
we use to control congestion which could be adapted to lessen the effects
of a DoS?  Would RED (and RED variations), rate limiting, or any of the
many QoS knobs help?




