nanog mailing list archives
Re: ddos attacks
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Thu, 19 Dec 2013 21:23:59 +0000
On Dec 19, 2013, at 6:12 AM, cb.list6 <cb.list6 () gmail com> wrote:
> I am strongly considering having my upstreams to simply rate limit ipv4 UDP.

QoS is a very poor mechanism for remediating DDoS attacks. It ensures that programmatically-generated attack traffic will 'squeeze out' legitimate traffic.

> During an attack, 100% of the attack traffic is ipv4 udp (dns, chargen, whatever).

Have you checked to see whether you and/or your customers have open DNS recursors, misconfigured CPE devices, etc. which can be used as reflectors/amplifiers on your respective networks? Have you implemented NetFlow and S/RTBH? Considered building a mitigation center?

<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>

Do you work with your peers/upstreams/downstreams to mitigate DDoS attacks when they ingress your network?

There are lots of things one can do to increase one's ability to detect, classify, traceback, and mitigate DDoS attacks, yet which aren't CAPEX-intensive.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

Luck is the residue of opportunity and design.

-- John Milton
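The 'squeeze out' effect described in the message above, as an added illustration that is not part of the original post: a token-bucket policer applied to all IPv4 UDP cannot tell packets apart, so legitimate UDP is admitted only in proportion to its share of the offered load. The packet rates, limit and function name are constructed for the example.

```python
import random

def police(legit_pps, attack_pps, limit_pps, burst, seconds, seed=1):
    """Simulate a single-rate token-bucket policer on all IPv4 UDP.

    Returns (legit_delivered_fraction, attack_delivered_fraction).
    The policer matches only "UDP packet", so it has no way to
    prefer legitimate packets over attack packets.
    """
    rng = random.Random(seed)          # seeded so the run is repeatable
    tokens = burst
    offered = {"legit": 0, "attack": 0}
    passed = {"legit": 0, "attack": 0}
    for _ in range(seconds):
        # Refill once per simulated second, capped at the bucket depth.
        tokens = min(burst, tokens + limit_pps)
        # Legitimate and attack packets arrive interleaved at random.
        arrivals = ["legit"] * legit_pps + ["attack"] * attack_pps
        rng.shuffle(arrivals)
        for kind in arrivals:
            offered[kind] += 1
            if tokens >= 1:            # conforming packet: forward it
                tokens -= 1
                passed[kind] += 1
            # otherwise the packet exceeds the rate and is dropped

    def fraction(kind):
        return passed[kind] / offered[kind] if offered[kind] else 0.0

    return fraction("legit"), fraction("attack")

if __name__ == "__main__":
    # Constructed rates: 100 pps of legitimate UDP, a 1000 pps policer.
    quiet = police(100, 0, 1000, 1000, 60)
    flood = police(100, 9900, 1000, 1000, 60)
    print("no attack: legit delivered = {:.0%}".format(quiet[0]))
    print("attack:    legit delivered = {:.0%}, attack delivered = {:.0%}"
          .format(flood[0], flood[1]))
```

With the flood at 99 times the legitimate rate, the policer holds total UDP to the limit but drops legitimate and attack packets at the same rate, which is why the message points to classification and source-based mitigation (NetFlow, S/RTBH) instead.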