nanog mailing list archives
RE: Identifying DoS-attacked IP address(es) Sniffer
From: alex () yuriev com
Date: Tue, 17 Dec 2002 10:20:07 -0500 (EST)
The Sniffer and other tools like it are meant to drink from a fire hose. So, is it far-fetched to analyze a dozen or more OC-12's other than from a router?? No. In fact carriers should embrace a different approach to further understand and analyze their backbone. Analyzers with filters of attack/virus definitions can play a key role in fast, efficient response in the fight against distributed attacks.
Should the sales people trying to peddle their wares learn a bit about underlying technologies and be forced to take Algebra 101 before being let loose on NANOG?

So your SONET sniffer decodes STS->[other stuff]->IP->[other-stuff]->app-layer and matches against definitions that you have, and does it all in real-time, does not fall over due to load, deals with fragmentation and asymmetric routing and so on. Oh, and then of course it does it all in a secure manner since the traffic should not be exposed to 3rd parties.

Yeah, right.

Alex