[70638] in North American Network Operators' Group


Re: handling ddos attacks

daemon@ATHENA.MIT.EDU (Danny McPherson)
Thu May 20 19:19:01 2004

In-Reply-To: <200405201852.i4KIq1PD020981@noc.mainstreet.net>
From: Danny McPherson <danny@tcb.net>
Date: Thu, 20 May 2004 17:15:06 -0600
To: NANOG <nanog@merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu



On May 20, 2004, at 12:52 PM, Mark Kent wrote:

>
> I've been trying to find out what the current BCP is for handling ddos
> attacks.  Mostly what I find is material about how to be a good
> net.citizen (we already are), how to tune a kernel to better withstand
> a syn flood, router stuff you can do to protect hosts behind it, how
> to track the attack back to the source, how to determine the nature of
> the traffic, etc.

There's lots and lots of really-useful-very-often-multi-vendor
stuff here:

ftp://ftp-eng.cisco.com/cons/isp/security/

In particular, under the bootcamp and CPN-summit stuff.  Though it may
seem vendor-specific per logos and the like, I know of several (more
than three) vendors that have contributed to this content, most of which
is very practical and generally informative, and should be applicable to
most deployed vendors.  There's also some VOD stuff here that expands
some areas of the content:

http://www.getitmm.com/bootcampflash/launch.html

HTH,

-danny





