[80697] in North American Network Operators' Group
Re: DOS attack tracing
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue May 10 05:05:37 2005
Date: Tue, 10 May 2005 14:35:08 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
Reply-To: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Kim Onnel <karim.adel@gmail.com>
Cc: Scott Weeks <surfer@mauigateway.com>, nanog@merit.edu
In-Reply-To: <e05f3929050510011943858d7c@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
Quite decent suggestions
On 5/10/05, Kim Onnel <karim.adel@gmail.com> wrote:
> 3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
> & analyzers
> 4) Apply Ingress/Egress Filtering: RFC 2827, uRPF, Team Cymru IOS template
> 5) Monitor CPU/Netflow table size using SNMP
> 6) Request a blackholing BGP community from your upstream provider.
You start with #4, first of all. Then get #6. Then put #2 and #5 in place.
After that, you get one or the other of these, if you can push through
a budget for expensive kit.
> 1) Get 'Cisco guard', too expensive?
> 2) Get Arbor, Stealthflow, Esphion, too expensive?
--srs
-- 
Suresh Ramasubramanian (ops.lists@gmail.com)