[91992] in North American Network Operators' Group
Experiences with DDoS platforms...
daemon@ATHENA.MIT.EDU (Fergie)
Mon Aug 28 22:04:16 2006
From: "Fergie" <fergdawg@netzero.net>
Date: Tue, 29 Aug 2006 02:01:49 GMT
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
So, it would appear to me that simply analyzing netflow data, etc.,
at the time of a (D)DoS attack, and then black-holing (by hand) the
offending source addresses may not be the most scalable and
efficient way of dealing/coping/mitigating/staying-on-the-air
during an attack.
Of course, depending where you are on the food chain, the resources
one is trying to protect, the volume of DDoS traffic, etc, plays into
the equation, etc.
I was looking to see what opinions folks on the list may have on
the DDoS "appliance" vendor products available -- I'm particularly
looking for a stand-alone (or in conjunction with a 'traffic analysis'
box) to off-load DoS "mitigation" -- real-world experiences welcome.
Please direct responses to me off-list, or not...
Thanks,
- ferg
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
