[39530] in North American Network Operators' Group
RE: DDoS attacks
daemon@ATHENA.MIT.EDU (Brad)
Thu Jul 12 21:00:13 2001
Date: Thu, 12 Jul 2001 19:07:33 -0600 (MDT)
From: Brad <brad@americanisp.net>
To: Dan Hollis <goemon@anime.net>
Cc: David Harmelin <david.harmelin@dante.org.uk>,
Roeland Meyer <rmeyer@mhsc.com>, "'up@3.am'" <up@3.am>,
<nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.30.0107121746180.30645-100000@anime.net>
Message-ID: <Pine.LNX.4.33.0107121903230.25773-100000@sh01>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 12 Jul 2001, Dan Hollis wrote:
> On Thu, 12 Jul 2001, Brad wrote:
> > Sorry- but after doing all of that, DDoS attacks still
> > saturate even the largest circuits- thus denying the
> > service.
>
> It is not perfect, but it does help.
>
> Of course there are those who take the approach "it is not a perfect
> solution so we will not bother filtering anything at all".
Well- I have a little experience with this, and from that
experience I have noticed that DDoS attacks can often
saturate the circuits to the point of BGP failure. Of
course- null-routing the target address does help with the
CPU overhead a little.. However the service is effectivly
shut off by that point anyway.
> -Dan
---
Brad Baker
Director: Network Operations
American ISP
brad@americanisp.net
+1 303 984 5700 x12
http://www.americanisp.net/
