nanog mailing list archives
handling ddos attacks
From: Mark Kent <mark () noc mainstreet net>
Date: Thu, 20 May 2004 11:52:01 -0700 (PDT)
I've been trying to find out what the current BCP is for handling ddos attacks. Mostly what I find is material about how to be a good net.citizen (we already are), how to tune a kernel to better withstand a syn flood, router stuff you can do to protect hosts behind it, how to track the attack back to the source, how to determine the nature of the traffic, etc. But I don't care about most of that. I care that a gazillion pps are crushing our border routers (7206/npe-g1). Other than getting bigger routers, is it still the case that the best we can do is identify the target IP (with netflow, for example) and have upstreams blackhole it? Thanks, -mark
Current thread:
- handling ddos attacks Mark Kent (May 20)
- Re: handling ddos attacks Wayne E. Bouchard (May 20)
- Re: handling ddos attacks Hank Nussbacher (May 20)
- Re: handling ddos attacks Jared Mauch (May 20)
- Re: handling ddos attacks Vincent Gillet - Opentransit (May 20)
- Re: handling ddos attacks Matt Buford (May 20)
- Re: handling ddos attacks Rachael Treu-Gomes (May 20)
- Re: [NANOG-LIST] handling ddos attacks Brent Van Dussen (May 20)
- Re: handling ddos attacks Steve Gibbard (May 20)
- Re: handling ddos attacks Danny McPherson (May 20)
- Re: handling ddos attacks Paul Vixie (May 20)
(Thread continues...)
- Re: handling ddos attacks Wayne E. Bouchard (May 20)