[74528] in North American Network Operators' Group
ddos attack advice
daemon@ATHENA.MIT.EDU (adrian kok)
Thu Sep 30 16:26:44 2004
Date: Fri, 1 Oct 2004 04:23:02 +0800 (CST)
From: adrian kok <adriankok2000@yahoo.com.hk>
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
Dear all
I have ddos attack to our ip A.B.C.D yesterday.
Someone suggest me to post it here and I might get
advice from this newsgroup
1/ What's good methodology in blocking certain IP
address? ACL or strictly filtering list,
Which one is better?
or some other effective ways also?
2/ We could act immediately to block the IP address at
our firewall; but the load is still in our end (from
the machine A.B.C.D trasnfered to our firewall)
Then we also asked our uptream ISP to block it, the
load should be at their end.
How does ISP handle the sudden bandwidth resulted from
a DDOS attack.
Thank you
