[71644] in North American Network Operators' Group
Re: real-time DDoS help?
daemon@ATHENA.MIT.EDU (Rubens Kuhl Jr.)
Sat Jun 19 22:52:37 2004
Reply-To: "Rubens Kuhl Jr." <rubens@email.com>
From: "Rubens Kuhl Jr." <rubens@email.com>
To: <nanog@merit.edu>
Date: Sat, 19 Jun 2004 23:49:04 -0300
Errors-To: owner-nanog-outgoing@merit.edu
> Is there any place where people with experience dealing with DDoS attacks
> hang out? I'm getting very little assistance from my upstream beyond
> "call whomever is in charge of each IP attacking and make them stop", and
> "even though we null route the destination IP being attacked, this traffic
> will be billed".
It seems that you should look somewhere else for your next bandwidth
contract...
> I've got a nice snippet of flows, so I can mostly see where everything is
> coming from, and it's obvious what the target is, but my
> flow-stat/flow-report skills are pretty weak.
Fake or real source IPs ? TCP SYNs, ICMPs, UDPs ?
Rubens
