nanog mailing list archives

Re: Effective ways to deal with DDoS attacks?


From: Scott Francis <darkuncle () darkuncle net>
Date: Thu, 2 May 2002 01:37:07 -0700

On Wed, May 01, 2002 at 05:18:24PM -0600, pete () kruckenberg com said:
[snip]
A rather extensive survey of DDoS papers has not resulted in
much on this topic.

What processes and/or tools are large networks using to
identify and limit the impact of DDoS attacks?

It seems to me that the real issue in defending against an attack of this
type is differentiating between legitimate traffic and zombie traffic. This
seems to be self-evident, but on a distributed scale, how _would_ one tell
the difference between a host/netblock that's making a lot of requests to a
busy site (amazon.com, say) and a host/netblock that's sending a lot of
zombie requests, especially when both sets of requests are bound for the same
ports (80/443 in this case) on the same IP/set of IPs? The more D the DoS,
the more difficult it becomes to tell what's legit and what's not.

(Stating the obvious again, I know, but it helps me think. :) )

-- 
Scott Francis                   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager          sfrancis@ [work:]         t o n o s . c o m
GPG public key 0xCB33CCA7              illum oportet crescere me autem minui
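An added illustration of the point made above (example code, not from the original thread or its authors): over constructed flow records, a per-source connection-count threshold flags a busy legitimate client right alongside the flood sources, and only a second signal, here the hypothetical share of handshakes that complete, tells them apart. The addresses, counts and the completion-ratio heuristic are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample flow records (not from the original thread): each is
# (src_ip, dst_ip, dst_port, syn_seen, handshake_completed).
# 10.0.0.5 is a busy but legitimate client (think of a corporate proxy) that
# completes every handshake; 192.0.2.x are hypothetical flood sources that
# open connections to port 80 and never complete them.
FLOWS = (
    [("10.0.0.5", "198.51.100.10", 80, True, True)] * 40
    + [("10.0.0.5", "198.51.100.10", 443, True, True)] * 20
    + [("192.0.2.7", "198.51.100.10", 80, True, False)] * 60
    + [("192.0.2.8", "198.51.100.10", 80, True, False)] * 55
    + [("203.0.113.2", "198.51.100.10", 443, True, True)] * 3
)


def per_source_stats(flows):
    """Aggregate per source: connection attempts and fraction that completed."""
    attempts = defaultdict(int)
    completed = defaultdict(int)
    for src, _dst, _port, syn, done in flows:
        if not syn:
            continue
        attempts[src] += 1
        if done:
            completed[src] += 1
    return {src: (attempts[src], completed[src] / attempts[src]) for src in attempts}


def flag_by_rate(stats, threshold):
    """Naive approach: any source above a connection-count threshold is suspect.
    This flags the legitimate heavy client together with the flood sources."""
    return sorted(src for src, (n, _ratio) in stats.items() if n >= threshold)


def flag_by_rate_and_completion(stats, threshold, min_completion=0.5):
    """Second signal (assumed heuristic): a heavy source that almost never
    completes the handshake looks like a flood; one that does looks like a
    real client. Rate alone cannot make this distinction."""
    return sorted(src for src, (n, ratio) in stats.items()
                  if n >= threshold and ratio < min_completion)


if __name__ == "__main__":
    stats = per_source_stats(FLOWS)
    print("rate only:        ", flag_by_rate(stats, 50))
    print("rate + completion:", flag_by_rate_and_completion(stats, 50))
```

The caveat is the one the post raises: a flood made of fully completed, well-formed requests from many sources gives this second signal nothing to work with, which is exactly why the distributed case is hard.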
