nanog mailing list archives
Re: Identifying DoS-attacked IP address(es)
From: Valdis.Kletnieks () vt edu
Date: Mon, 16 Dec 2002 17:29:59 -0500
On Mon, 16 Dec 2002 21:17:07 GMT, "Christopher L. Morrow" said:
On Mon, 16 Dec 2002, Livio Ricciulli wrote:FYI, we developed a system that sniffs FE,GE,DS3,OC3-48 POS and creates a model using the cross-product of: 1) source/destination address distributions 2) packet rate 3) protocolBut I can't field deploy this 2 continents away at 4am with 10 mins notice...
But that's OK, since you deployed it in last week's maintenance window, to comply with the upper management requirement that they be given advance notice of all unscheduled outages. ;) But seriously - if you had a HandWave 2100 already installed 2 continents away, would interrogating/tweaking/etc the model at 4AM with 10 minutes notice be feasible? (And yes, I know Chris probably has some tools in place before the fact - the question is how many of the REST of you do?) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Attachment:
_bin
Description:
Current thread:
- Re: Identifying DoS-attacked IP address(es), (continued)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Neil J. McRae (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- RE: Identifying DoS-attacked IP address(es) Livio Ricciulli (Dec 16)
- RE: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) James-lists (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) James-lists (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Feger, James (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Christopher L. Morrow (Dec 16)
- Re: Identifying DoS-attacked IP address(es) Valdis . Kletnieks (Dec 16)
- Message not available
- RE: Identifying DoS-attacked IP address(es) Livio Ricciulli (Dec 16)