[54199] in North American Network Operators' Group
RE: Identifying DoS-attacked IP address(es) Sniffer
daemon@ATHENA.MIT.EDU (alex@yuriev.com)
Mon Dec 16 19:38:45 2002
Date: Mon, 16 Dec 2002 19:52:21 -0500 (EST)
From: alex@yuriev.com
To: Brennan_Murphy@NAI.com
Cc: chapuis@ip-plus.net, nanog@nanog.org
In-Reply-To: <B481990C9658D411BD3C009027D6F544040C61E4@ca-exchange3.na.nai.com>
Errors-To: owner-nanog-outgoing@merit.edu
>
> Even though you are asking this question with regard to what can
> be done on the router itself, it's worth mentioning, if only for
> the archives, a non-router approach to the problem...especially if
> you are an enterprise network manager. It's even worth
> mentioning despite the fact that I work for a company that provides
> said approach.
>
> Some of our enterprise customers place distributed Sniffers on their
> internet links themselves. Upon receiving an alert, they connect to the
> Sniffer and click on Top Ten talkers by bytes (presented in pie/bar chart).
[skip]
You want to put a box like this to analyze a dozen OC-12c(s)? I know that
the sales people for boxes like this right now are really hurting for
business but give us a break.
Alex