nanog mailing list archives

Re: Over a decade of DDOS--any progress yet?


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Wed, 8 Dec 2010 12:53:51 +0000


On Dec 8, 2010, at 7:28 PM, Arturo Servin wrote:

      One big problem (IMHO) of DDoS is that sources (the host of botnets) may be completely unaware that they are 
part of a DDoS. I do not mean the bot machine, I mean the ISP connecting those.

The technology exists to detect and classify this attack traffic, and is deployed in production networks today.

And of course, the legitimate owners of the botted hosts are generally unaware that their machine is being used for 
nefarious purposes.

      On the other hand, the target of a DDoS cannot do anything to stop the attack besides adding more BW or 
contacting one by one the whole path of providers to try to minimize the effect.

Actually, there're lots of things they can do.

      I know that this has many security concerns, but would a signalling protocol between ISPs be good, to inform 
the sources of a DDoS attack in order to take semiautomatic actions to rate-limit the traffic as close to the source as possible? 
Of course this is more complex than these two or three lines, but I wonder if this has been considered in the 
past.

It already exists.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

               Sell your computer and buy a guitar.
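The reply above says that detecting and classifying attack traffic at the source side is already done in production networks but does not show what that looks like. The following is an added example, not code from either poster or from Arbor Networks: it aggregates constructed flow records (NetFlow-style tuples, all addresses from documentation ranges) per destination, flags destinations that receive traffic from an anomalous number of sources at a high packet rate, identifies the dominant protocol/port vector, and summarises the offending sources by origin AS so an operator knows which upstream or peer to contact. The prefix-to-ASN table, thresholds and sample flows are all constructed for the example.

```python
"""Flow-based detection and classification of a volumetric flood.

Added example for this thread (not the posters' or Arbor's code).
Flow records, the prefix-to-origin-AS table and the thresholds are
constructed; a real deployment would feed exporter data and BGP/RIB
lookups into the same logic.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str        # source address as seen by the exporter
    dst: str        # destination address
    proto: str      # "udp", "tcp", ...
    dport: int      # destination port
    packets: int    # packets in this record
    seconds: float  # length of the observation window for this record


# Constructed prefix -> origin AS mapping (hypothetical AS numbers).
ORIGIN_AS = {
    ip_network("203.0.113.0/24"): 64500,
    ip_network("198.51.100.0/24"): 64501,
    ip_network("192.0.2.0/24"): 64502,
}


def origin_as(addr: str):
    """Return the origin AS for an address, or None if it is not in the table."""
    a = ip_address(addr)
    for net, asn in ORIGIN_AS.items():
        if a in net:
            return asn
    return None


def classify(flows, min_sources: int = 20, min_pps: float = 1000.0) -> dict:
    """Return {dst: report} for destinations that look like flood targets.

    A destination is flagged when it is hit by at least `min_sources`
    distinct sources and the aggregate packet rate reaches `min_pps`.
    The report names the dominant (proto, dport) vector and breaks the
    attack packets down by origin AS of the sources.
    """
    per_dst = defaultdict(list)
    for f in flows:
        per_dst[f.dst].append(f)

    reports = {}
    for dst, fl in per_dst.items():
        sources = {f.src for f in fl}
        window = max(f.seconds for f in fl)
        pps = sum(f.packets for f in fl) / window
        if len(sources) < min_sources or pps < min_pps:
            continue  # ordinary traffic, nothing to report

        by_vector = defaultdict(int)
        by_as = defaultdict(int)
        for f in fl:
            by_vector[(f.proto, f.dport)] += f.packets
            by_as[origin_as(f.src)] += f.packets  # None = unknown origin

        reports[dst] = {
            "sources": len(sources),
            "pps": pps,
            "vector": max(by_vector, key=by_vector.get),
            "by_origin_as": dict(by_as),
        }
    return reports


# Constructed sample: 30 sources across two ASes plus one unmapped source
# flood 192.0.2.10 on UDP/53; a handful of clients use 192.0.2.20 normally.
SAMPLE_FLOWS = (
    [Flow(f"203.0.113.{i}", "192.0.2.10", "udp", 53, 2000, 10.0) for i in range(1, 16)]
    + [Flow(f"198.51.100.{i}", "192.0.2.10", "udp", 53, 2000, 10.0) for i in range(1, 16)]
    + [Flow("10.0.0.7", "192.0.2.10", "udp", 53, 2000, 10.0)]
    + [Flow(f"192.0.2.{i}", "192.0.2.20", "tcp", 443, 100, 10.0) for i in range(1, 6)]
)


if __name__ == "__main__":
    for dst, report in classify(SAMPLE_FLOWS).items():
        print(dst, report)
```

The per-origin-AS breakdown is the piece that turns detection into something actionable: it tells the target's operator which upstream to ask for a rate limit near the source, and the `None` bucket shows how much of the attack cannot be attributed from the local table.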