nanog mailing list archives

Re: Is current DDoS detecting method effective?

From: Joe Shen <joe_hznm () yahoo com sg>
Date: Mon, 7 Mar 2005 14:05:58 +0800 (CST)

Hi,

It frightens me that you're sitting on 11Gb/s+ and
unable to utilize 
existing toold to determine what is within profile
for your network and 
what is not.


That what makes me think it's not possible to
determine "legal" traffic model by available tools.
The total BW keeps increasing, and network attack
keeps going on. We could estimate traffic scheme by
monitoring BW utilized, but it may has exhaust
customer's server resource when we consider those DoS
packet with our traffic scheme. 

So, Arbor and alike may be useful to enterprise users,
but to ISPs its effectiveness is questionable.


I'm certain that you'll be contacted by many
commercial vendors who have 
working profiling solutions.


I've discussed with some persons, they just disclame
but no demonstration and analysis.

Joe




__________________________________________________
Do You Yahoo!?
Log on to Messenger with your mobile phone!
http://sg.messenger.yahoo.com

Current thread:

Is current DDoS detecting method effective? Joe Shen (Mar 06)
- Re: Is current DDoS detecting method effective? Christopher L. Morrow (Mar 06)
  - Re: Is current DDoS detecting method effective? Joe Shen (Mar 07)
  - Re: Is current DDoS detecting method effective? Kim Onnel (Mar 07)
    - Re: Is current DDoS detecting method effective? Jared Mauch (Mar 07)
    - Re: Is current DDoS detecting method effective? Florian Weimer (Mar 07)
    - Re: Is current DDoS detecting method effective? Florian Weimer (Mar 07)
- <Possible follow-ups>
- Re: Is current DDoS detecting method effective? Fergie (Paul Ferguson) (Mar 06)
- Re: Is current DDoS detecting method effective? Joe Shen (Mar 06)