[45100] in North American Network Operators' Group
Re: Growing DoS attacks
daemon@ATHENA.MIT.EDU (Paul Timmins)
Wed Jan 16 18:49:23 2002
Message-Id: <5.1.0.14.2.20020116184833.0344b630@new.workbench.net>
Date: Wed, 16 Jan 2002 18:49:48 -0500
To: "Pascal Gloor" <pascal.gloor@spale.com>
From: Paul Timmins <paul@timmins.net>
Cc: nanog@nanog.org
In-Reply-To: <005401c19ee3$54f39960$e7550fc3@spale.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Errors-To: owner-nanog-outgoing@merit.edu
What about BGP route flap dampening, people use that, don't they?
-Paul
At 06:12 PM 1/16/2002, you wrote:
>Get a box, and run Zebra BGPD, which will announce that /24 to your network.
>Then do a script which monitors the traffic to the irc server, and on a
>certain threshold, kill BGPD. wait a certain time, like 15minutes or so, and
>restart BGPD. It would be nice to check the traffic every minute and if 2
>consecutive checks are positive kill bgpd. That mean that you may be able
>to STOP dDoS to irc servers within 2-3 minutes...
