[47320] in North American Network Operators' Group
Re: Effective ways to deal with DDoS attacks?
daemon@ATHENA.MIT.EDU (Avleen Vig)
Thu May 2 09:45:44 2002
Date: Thu, 2 May 2002 14:45:06 +0100 (BST)
From: Avleen Vig <lists-nanog@silverwraith.com>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: Pete Kruckenberg <pete@kruckenberg.com>,
"nanog@merit.edu" <nanog@merit.edu>
In-Reply-To: <20020502142724.E23790-100000@sequoia.muada.com>
Message-ID: <20020502144317.J16918-100000@apple.silverwraith.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

On Thu, 2 May 2002, Iljitsch van Beijnum wrote:

> Basically, it works like this: when you identify the target of the attack,
> you have traffic for those target addresses rerouted to a "filter box".
> This filter box then contains source address based filters to get rid of
> the attacking traffic.

Two questions:

1) How do you plan on determining what is an allowed src address and what
isn't?

2) Secondly, how would you deal with spoofed src addresses where the src
address is rarely repeated in the attack?