[54192] in North American Network Operators' Group
Re: Identifying DoS-attacked IP address(es)
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Dec 16 17:31:25 2002
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: nanog@nanog.org
In-Reply-To: Your message of "Mon, 16 Dec 2002 21:17:07 GMT."
<Pine.GSO.4.33.0212162116320.22551-100000@rampart.argfrp.us.uu.net>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 16 Dec 2002 17:29:59 -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 16 Dec 2002 21:17:07 GMT, "Christopher L. Morrow" said:
> On Mon, 16 Dec 2002, Livio Ricciulli wrote:
>> FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates
>> a model using the cross-product of:
>> 1) source/destination address distributions
>> 2) packet rate
>> 3) protocol
> But I can't field deploy this 2 continents away at 4am with 10 mins
> notice...
But that's OK, since you deployed it in last week's maintenance window, to
comply with the upper management requirement that they be given advance
notice of all unscheduled outages. ;)
But seriously - if you had a HandWave 2100 already installed 2 continents
away, would interrogating/tweaking/etc the model at 4AM with 10 minutes
notice be feasible?
(And yes, I know Chris probably has some tools in place before the fact -
the question is how many of the REST of you do?)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech