nanog mailing list archives
RE: Identifying DoS-attacked IP address(es)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Mon, 16 Dec 2002 21:17:07 +0000 (GMT)
On Mon, 16 Dec 2002, Livio Ricciulli wrote:
FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates a model using the cross-product of: 1) source/destination address distributions 2) packet rate 3) protocol
But I can't field deploy this 2 continents away at 4am with 10 mins notice...
This works very well to detect floods and does not require messing with routers.. Livio. -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Neil J. McRae Sent: Monday, December 16, 2002 9:38 AM To: Andre Chapuis Cc: Christopher L. Morrow; nanog () nanog org Subject: Re: Identifying DoS-attacked IP address(es) Sampled netflow, or look at the traceback stuff in later IOS 12.0S versions. Avoid filter lists as the GSR engine cards have a statically limited number of entries. Regards, Neil.
Current thread:
- Identifying DoS-attacked IP address(es) Andre Chapuis (Dec 16)
- RE: Identifying DoS-attacked IP address(es) Barry Raveendran Greene (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Message not available
- Re: Identifying DoS-attacked IP address(es) Andre Chapuis (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Neil J. McRae (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Neil J. McRae (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Andre Chapuis (Dec 16)
- RE: Identifying DoS-attacked IP address(es) Livio Ricciulli (Dec 16)
- RE: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) James-lists (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) James-lists (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Feger, James (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Valdis . Kletnieks (Dec 16)
- Message not available
- RE: Identifying DoS-attacked IP address(es) Livio Ricciulli (Dec 16)
- <Possible follow-ups>
- RE: Identifying DoS-attacked IP address(es) Brennan_Murphy (Dec 16)