nanog mailing list archives
Re: Yahoo! Lessons Learned
From: Sean Donelan <sean () donelan com>
Date: 10 Feb 2000 13:36:43 -0800
On Thu, 10 February 2000, Vijay Gill wrote:
> Of course, given that we can get netflow type packet histories, plotting the src/dest pairs for a while and then if there is a _large_ change (some n std dev) from the norm for some particular dst (nominally the one under attack), and then raising an alarm on that router/pipe, would make it trivial to trace these type of attacks. With history storage, it would make it easier to trace back after the fact.
I've wondered what type of statistical sampling could be used to find these attacks, but not require huge amounts of storage. The theory is these are very large traffic flows which congest the pipe and push other traffic out of the way. If you sample 1% of the traffic, and 99% of the sample is the same src/dest pair, something may be fishy.
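Added example, not part of the original message: a sketch of the two checks discussed above, run over a 1% random sample so that only the sample has to be stored. The function names, the 50% share limit, the 3-sigma threshold, the addresses (documentation ranges) and the traffic and history figures are all assumptions constructed for illustration.

```python
import random
from collections import Counter
from statistics import mean, pstdev

def sample_flows(packets, rate=0.01, seed=0):
    """Keep roughly `rate` of the (src, dst) records, chosen at random."""
    rng = random.Random(seed)
    return [p for p in packets if rng.random() < rate]

def dominant_pair(sample):
    """Most frequent (src, dst) pair in the sample and its share of it."""
    if not sample:
        return None, 0.0
    pair, hits = Counter(sample).most_common(1)[0]
    return pair, hits / len(sample)

def dst_deviation(history, current):
    """Standard deviations by which `current` exceeds the historical norm."""
    mu, sigma = mean(history), pstdev(history)
    if sigma == 0:
        return float("inf") if current > mu else 0.0
    return (current - mu) / sigma

def check_interval(packets, dst, history, share_limit=0.5, n_sigma=3.0):
    """Apply both tests to one interval; thresholds are assumed values."""
    sample = sample_flows(packets)
    pair, share = dominant_pair(sample)
    z = dst_deviation(history, sum(1 for _, d in sample if d == dst))
    return {"pair": pair, "share": share, "z": z,
            "alarm": share >= share_limit or z >= n_sigma}

# Constructed traffic (documentation address ranges), not captured data.
TARGET = "192.0.2.10"
PAIRS = [(f"198.51.100.{s}", f"192.0.2.{s % 50}") for s in range(200)]
BACKGROUND = [PAIRS[i % 200] for i in range(200_000)]
FLOOD = [("203.0.113.7", TARGET)] * 600_000
# Constructed per-interval sampled packet counts previously seen for TARGET.
HISTORY = [40, 55, 30, 62, 35, 48, 25, 65]

def demo():
    return (check_interval(BACKGROUND, TARGET, HISTORY),
            check_interval(BACKGROUND + FLOOD, TARGET, HISTORY))

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The history here deliberately includes ordinary interval-to-interval variation; a baseline with too little spread makes the n-sigma test fire on sampling noise alone.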