nanog mailing list archives
Re: DDoS mitigation recommendations
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Fri, 29 Jan 2010 05:01:19 +0000
On Jan 29, 2010, at 10:04 AM, Jonathan Lassoff wrote:
Something utilizing sflow/netflow and flowspec to block or direct traffic into a scrubbing box gets you much better bang for your buck past a certain scale.
This is absolutely key for packet-flooding types of attacks, and other attacks in which unadulterated pathological traffic can be detected/classified in detail, with minimal collateral damage. Everyone should implement S/RTBH and/or flow-spec whenever possible, this cannot be emphasized enough. Operators have made significant investments in high-speed, ASIC-powered routers at their edges; there's no reason not to utilize that horsepower, as it's already there and paid for. For situations in which valid and invalid traffic are highly intermixed, and/or layer-4/-7 heuristics are key in validating legitimate traffic and invalidating undesirable traffic, the additional capabilities of an IDMS which can perform such discrimination can be of benefit. As mentioned in a previous thread, it's possible to construct a base-level capability using open-source software, and commercial solutions from various vendors [full disclosure: I'm employed one of said vendors] are available, as well. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
Current thread:
- DDoS mitigation recommendations Tom Sands (Jan 26)
- Re: DDoS mitigation recommendations David Freedman (Jan 26)
- RE: DDoS mitigation recommendations Korten, Sean (Jan 26)
- Re: DDoS mitigation recommendations Tom Sands (Jan 28)
- Message not available
- Re: DDoS mitigation recommendations Jeffrey Lyon (Jan 28)
- Re: DDoS mitigation recommendations Christopher Morrow (Jan 28)
- RE: DDoS mitigation recommendations Stefan Fouant (Jan 28)
- Re: DDoS mitigation recommendations Christopher Morrow (Jan 28)
- Re: DDoS mitigation recommendations Jonathan Lassoff (Jan 28)
- Re: DDoS mitigation recommendations Dobbins, Roland (Jan 28)
- RE: DDoS mitigation recommendations Korten, Sean (Jan 26)
- Re: DDoS mitigation recommendations David Freedman (Jan 26)
- Re: DDoS mitigation recommendations Tony Varriale (Jan 28)
- <Possible follow-ups>
- Re: DDoS mitigation recommendations Paul Stewart (Jan 26)
- Re: DDoS mitigation recommendations Stefan Fouant (Jan 26)
- Message not available
- Re: DDoS mitigation recommendations Jeffrey Lyon (Jan 26)
- Message not available
- Re: DDoS mitigation recommendations Ryan Brooks (Jan 26)
- Re: DDoS mitigation recommendations Brian Raaen (Jan 26)
- Re: DDoS mitigation recommendations Valdis . Kletnieks (Jan 27)
- RE: DDoS mitigation recommendations William Pitcock (Jan 27)