[47799] in North American Network Operators' Group

Re: Arbor Networks DoS defense product

daemon@ATHENA.MIT.EDU (Pete Kruckenberg)
Wed May 15 02:15:09 2002

Date: Wed, 15 May 2002 00:14:35 -0600 (MDT)
From: Pete Kruckenberg <pete@kruckenberg.com>
To: <nanog@merit.edu>
In-Reply-To: <148701c1fbd4$dcf05120$1302a8c0@default>
Message-ID: <Pine.LNX.4.33.0205150009330.23027-100000@minot.kruckenberg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, 15 May 2002, Rubens Kuhl Jr. wrote:

> If and when
> (a) customers don't get exemption for attack traffic
> (b) the DoS traffic occurs more than 5% (or 1 - your percentile level) of
> the month per customer circuit
> (c) the DoS increases bytes transferred like large ICMP packet flood; this
> is not the case for all DoS traffic, which can be a bunch of small packets
> that actually decreases traffic

These might apply to noticeable DoS attacks that occur as
specific events. But how much (D)DoS traffic goes unnoticed
by the average customer because it's too tough to detect or
defend against? The 10% I've measured on my network is
primarily reflected DDoS (reflected off my customers, to
off-net targets), which is not trivial to detect or defend
against.

Pete.
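
Conditions (b) and (c) from the quoted message, worked through as an added example that is not part of either poster's message. It assumes 95th-percentile billing on 5-minute samples over a 30-day month; all traffic values are constructed.

```python
# Added illustration: percentile (burstable) billing with constructed samples.
import math

SAMPLES_PER_MONTH = 30 * 24 * 12   # assumption: 5-minute samples, 30-day month


def percentile_rate(samples_mbps, percentile=95):
    """Billed rate: sort the samples, discard the top (100 - percentile)%,
    and bill at the highest sample that remains."""
    ordered = sorted(samples_mbps)
    index = math.ceil(len(ordered) * percentile / 100) - 1
    return ordered[index]


def month_with_attack(baseline_mbps, attack_mbps, attack_fraction):
    """Constructed month: a flat baseline, with the circuit running at
    attack_mbps during attack_fraction of the sampling intervals."""
    attack_samples = round(SAMPLES_PER_MONTH * attack_fraction)
    return ([attack_mbps] * attack_samples
            + [baseline_mbps] * (SAMPLES_PER_MONTH - attack_samples))


def billed(baseline_mbps, attack_mbps, attack_fraction):
    """Billed 95th-percentile rate for the constructed month."""
    return percentile_rate(
        month_with_attack(baseline_mbps, attack_mbps, attack_fraction))


if __name__ == "__main__":
    # (b) a byte-heavy flood only moves the bill once it covers more than
    #     5% of the month's samples.
    for fraction in (0.04, 0.05, 0.06):
        print(f"flood during {fraction:.0%} of month -> "
              f"{billed(40, 90, fraction)} Mbit/s billed")
    # (c) a small-packet flood that lowers throughput never raises the
    #     percentile, however long it lasts.
    print(f"small-packet flood during 10% of month -> "
          f"{billed(40, 25, 0.10)} Mbit/s billed")
```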


