[70603] in North American Network Operators' Group


Re: handling ddos attacks

daemon@ATHENA.MIT.EDU (Wayne E. Bouchard)
Thu May 20 15:01:28 2004

Date: Thu, 20 May 2004 12:00:23 -0700
From: "Wayne E. Bouchard" <web@typo.org>
To: Mark Kent <mark@noc.mainstreet.net>
Cc: nanog@merit.edu
In-Reply-To: <200405201852.i4KIq1PD020981@noc.mainstreet.net>
Errors-To: owner-nanog-outgoing@merit.edu


I too would be interested if someone could point to a good white paper
for Cisco DDOS protection mechanisms and best practices in general.

On Thu, May 20, 2004 at 11:52:01AM -0700, Mark Kent wrote:
> 
> I've been trying to find out what the current BCP is for handling ddos
> attacks.  Mostly what I find is material about how to be a good
> net.citizen (we already are), how to tune a kernel to better withstand
> a syn flood, router stuff you can do to protect hosts behind it, how
> to track the attack back to the source, how to determine the nature of
> the traffic, etc.
> 
> But I don't care about most of that.  I care that a gazillion
> pps are crushing our border routers (7206/npe-g1).
> 
> Other than getting bigger routers, is it still the case that the best
> we can do is identify the target IP (with netflow, for example) and
> have upstreams blackhole it?
> 
> Thanks,
> -mark

---
Wayne Bouchard
web@typo.org
Network Dude
http://www.typo.org/~web/
