nanog mailing list archives
Re: Yahoo! Lessons Learned
From: Vijay Gill <wrath () cs umbc edu>
Date: Thu, 10 Feb 2000 16:24:53 -0500 (EST)
On Thu, 10 Feb 2000, NANOG Mailing List wrote:
WEB wrote: packet trace on routers passing giabits of traffic every second without killing the router/network and actually get usefull information out of it?
You bridge another device in line and have THAT device collect your data. Not as trivial for OCx connected routers but still possible. John Fraizer
Any monetary considerations applied to this or not? OC-192c line cards cost money. The trivial answer is that DDoS attacks cost money as well, but there is a cost/benefit analysis to be done here. Would that money be better spent elsewhere? At OC-192c for typical streams and a large sized network, the data collection alone becomes a nearly insurmountable issue. Think 48 or more 192c's in a hub, think 100 hubs. Assuming you can throw out the non customer links, you're still around 2400 or so bridged OC-192c's, with data polling/netflow type stats. Not a pretty picture. Of course, given that we can get netflow type packet histories, plotting the src/dest pairs for a while and then if there is a _large_ change (some n std dev) from the norm for some particular dst (nominally the one under attack), and then raising an alarm on that router/pipe, would make it trivial to trace these type of attacks. With history storage, it would make it easier to trace back after the fact. The problem is, the amount of data storage. I think it was Dr. Li who said "you can move the bits or you can count the bits" /vijay
Current thread:
- Yahoo! Lessons Learned Sean Donelan (Feb 08)
- Re: Yahoo! Lessons Learned Patrick Greenwell (Feb 08)
- Re: Yahoo! Lessons Learned Paul Ferguson (Feb 08)
- RE: Yahoo! Lessons Learned Roeland M.J. Meyer (Feb 08)
- Re: Yahoo! Lessons Learned Wayne Bouchard (Feb 09)
- Re: Yahoo! Lessons Learned brett watson (Feb 10)
- Re: Yahoo! Lessons Learned Richard Steenbergen (Feb 10)
- Re: Yahoo! Lessons Learned Paul Ferguson (Feb 10)
- Re: Yahoo! Lessons Learned NANOG Mailing List (Feb 10)
- Re: Yahoo! Lessons Learned Vijay Gill (Feb 10)
- Re: Yahoo! Lessons Learned Wayne Bouchard (Feb 09)
- <Possible follow-ups>
- RE: Yahoo! Lessons Learned K. Graham (Feb 08)
- Re: Yahoo! Lessons Learned Daniel Senie (Feb 08)
- Re: Yahoo! Lessons Learned Kai Schlichting (Feb 09)
- Re: Yahoo! Lessons Learned Henry Kilmer (Feb 09)
- Re: Yahoo! Lessons Learned Dan Hollis (Feb 09)
- Re: Yahoo! Lessons Learned Wayne Bouchard (Feb 09)
- Re: Yahoo! Lessons Learned Daniel Senie (Feb 08)
- Re: Yahoo! Lessons Learned Wayne Bouchard (Feb 09)
- Re: Yahoo! Lessons Learned John Payne (Feb 09)