[47262] in North American Network Operators' Group
Re: Effective ways to deal with DDoS attacks?
daemon@ATHENA.MIT.EDU (dies)
Wed May 1 20:03:06 2002
Date: Wed, 1 May 2002 18:29:51 -0500 (EST)
From: dies <dies@pulltheplug.com>
To: Pete Kruckenberg <pete@kruckenberg.com>
Cc: <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.33.0205011711080.5350-100000@minot.kruckenberg.com>
Message-ID: <Pine.LNX.4.33.0205011806410.32456-100000@shell.pulltheplug.com>

http://www.secsup.org/Tracking/

UUNet uses that...others might as well, Shrug.
Quick, simple, effective tracking of DDoS attacks.

As for identifying attacks, quite honestly large ISPs are typically still
relying on customer notification. I know that's how we do it.

On Wed, 1 May 2002, Pete Kruckenberg wrote:
>
> There's been plenty of discussion about DDoS attacks, and my
> IDS system is darn good at identifying them. But what are
> effective methods for large service-provider networks (i.e.
> ones where a firewall at the front would not be possible) to
> deal with DDoS attacks?
>
> Current methods of updating ACLs with the source and/or
> destination are slow and error-prone and hard to maintain
> (especially when the target of the attack is a site that
> users would like to access).
>
> A rather extensive survey of DDoS papers has not resulted in
> much on this topic.
>
> What processes and/or tools are large networks using to
> identify and limit the impact of DDoS attacks?
>
> Thanks.
> Pete.