[80684] in North American Network Operators' Group
Re: DOS attack tracing
daemon@ATHENA.MIT.EDU (Scott Weeks)
Mon May 9 20:11:12 2005
Date: Mon, 9 May 2005 14:09:02 -1000 (HST)
From: Scott Weeks <surfer@mauigateway.com>
To: nanog@merit.edu
In-Reply-To: <EINSTEINBtOdKMnap2S00000e71@einstein.systemmetrics.com>
Errors-To: owner-nanog@merit.edu
On Mon, 9 May 2005, Richard wrote:
: We recently experienced several DOS attacks which drove our backbone routers
: CPU to 100%. The routers are not under attack, but the router just couldn't
: handle the traffic. There is a plan to upgrade these routers. One criteria
: is the ability to track which IP address is under attack and blackhole the
: traffic quickly. Anyone can share your experience of what kind of router is
: capable of doing this?
:
: Also besides having a powerful router which can handle large volume of
: traffic, is there any other things that we need to consider in selecting the
: routers?
You shouldn't buy a bigger router just to handle DOS attacks. THere're
many ways to address these types of issues using routers and/or servers.
What is your normal CPU usage when there is no DOS attack? What does your
capacity look like on the router interface where the DOS is coming in on?
We need more info.
scott
