[47279] in North American Network Operators' Group
Re: Effective ways to deal with DDoS attacks?
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Thu May 2 00:19:33 2002
Date: Thu, 2 May 2002 04:16:45 +0000 (GMT)
From: "Christopher L. Morrow" <chris@UU.NET>
To: Pete Kruckenberg <pete@kruckenberg.com>
Cc: <nanog@merit.edu>
In-Reply-To: <Pine.LNX.4.33.0205011711080.5350-100000@minot.kruckenberg.com>
Message-ID: <Pine.GSO.4.33.0205020412570.11583-100000@rampart.argfrp.us.uu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
What we use and we're a 'largeish' network:
http://www.secsup.org/Tracking/
(shameless plug #1)
Among other things this is a tool we use... there was a great set of
slides and presentation given at NANOG23:
http://www.nanog.org/mtg-0110/greene.html
(shameless plug #2)
There is also a set of papers Barry Greene from Cisco has available on the
Cisco website... I'm positive he'll respond to this with the link, if he
doesn't search the NANOG mailing list archive for the link it should be
obvious in posts from Barry.
If you want more pointers I'd be glad to chat on the phone with you,
numbers included below.
--Chris
(chris@uu.net)
#######################################################
## UUNET Technologies, Inc. ##
## Manager ##
## Customer Router Security Engineering Team ##
## (W)703-886-3823 (C)703-338-7319 ##
#######################################################
On Wed, 1 May 2002, Pete Kruckenberg wrote:
>
> There's been plenty of discussion about DDoS attacks, and my
> IDS system is darn good at identifying them. But what are
> effective methods for large service-provider networks (ie
> ones where a firewall at the front would not be possible) to
> deal with DDoS attacks?
>
> Current method of updating ACLs with the source and/or
> destination are slow and error-prone and hard to maintain
> (especially when the target of the attack is a site that
> users would like to access).
>
> A rather extensive survey of DDoS papers has not resulted in
> much on this topic.
>
> What processes and/or tools are large networks using to
> identify and limit the impact of DDoS attacks?
>
> Thanks.
> Pete.
>
>
