nanog mailing list archives

Re: Effective ways to deal with DDoS attacks?


From: Vincent Gillet <vgi () zoreil com>
Date: Thu, 2 May 2002 10:53:24 +0200


chris () UU NET said:

> > have been on the receiving end of, the first was generating a little over
> > 300mbit/sec (steady for a prolonged time), and the second went over that by a
> > fair bit.  In both cases, we had core equipment (M20's and BSN5000's) fall
> > over and die trying to "work" the events.  Additionally, our upstream peers
>
> Your M20 tipped over?? What were you doing? We regularly stop large
> (+100Mb->800Mb) attacks with less horsepower than this. Truthfully, a
> cisco is even capable of filtering (done right) at +200kpps...

On Cisco boxes, it depends too much on Interface type, LC Engine, IOS, ...
etc ...

Besides, some features cannot run concurrently (I remember an ACL on GSR
that made my netflow export stop .... it took days to figure this out!!!)

ACL implementation on GSR is a nightmare too.
We are operating more than 70 GSRs with very different interfaces, LC engines and IOS ...

_some_ IOS with _some_ LC might truthfully filter (turbo, extended, vanilla,
in, out ACLs ?!) .... but there are too many variables in the equation
to get ops people to use it for massive anti-DOS purposes!

Vincent.

