[91996] in North American Network Operators' Group


Re: Experiences with DDoS platforms...

daemon@ATHENA.MIT.EDU (Peter Corlett)
Tue Aug 29 15:13:06 2006

In-Reply-To: <20060828.190159.28.799148@webmail04.lax.untd.com>
From: Peter Corlett <abuse@cabal.org.uk>
Date: Tue, 29 Aug 2006 20:10:49 +0100
To: nanog@nanog.org
X-SA-Exim-Rcpt-To: nanog@nanog.org, abuse@cabal.org.uk
X-SA-Exim-Mail-From: abuse@cabal.org.uk
Errors-To: owner-nanog@merit.edu


On 29 Aug 2006, at 02:01, Fergie wrote:
[...]
> I was looking to see what opinions folks on the list may have on
> the DDoS "appliance" vendor products available -- I'm particularly
> looking for a stand-alone (or in conjunction with a 'traffic analysis'
> box) to off-load DoS "mitigation" -- real-world experiences welcome.

Two jobs ago, I was at UKSolutions (aka UKS). One of UKS's products  
is the UKShells brand which is a script kiddie magnet and has a good  
number of IRC servers running on the accounts. IRC servers are a DDoS  
magnet as you probably know, so UKS got rather good at automating  
DDoS mitigation so nobody has to get out of bed to deal with it nor  
do any customers really notice.

The exact details of the system are a bit of a mystery to me, but it was
a multi-faceted approach that did a fair bit of analysis of the
traffic and was quite selective in its filtering, and was most definitely
rather effective against DDoSes that should by rights have crippled
the whole ISP, never mind the single box that was being targeted.

You'll be wanting to speak to Dan Lowe.


