[47258] in North American Network Operators' Group


Effective ways to deal with DDoS attacks?

daemon@ATHENA.MIT.EDU (Pete Kruckenberg)
Wed May 1 19:18:49 2002

Date: Wed, 1 May 2002 17:18:24 -0600 (MDT)
From: Pete Kruckenberg <pete@kruckenberg.com>
To: <nanog@merit.edu>
Message-ID: <Pine.LNX.4.33.0205011711080.5350-100000@minot.kruckenberg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


There's been plenty of discussion about DDoS attacks, and my
IDS system is darn good at identifying them. But what are
effective methods for large service-provider networks (i.e.,
ones where a firewall at the front would not be possible) to
deal with DDoS attacks?

Current methods of updating ACLs with the source and/or
destination are slow and error-prone and hard to maintain
(especially when the target of the attack is a site that
users would like to access).

A rather extensive survey of DDoS papers has not resulted in
much on this topic.

What processes and/or tools are large networks using to
identify and limit the impact of DDoS attacks?

Thanks.
Pete.


