nanog mailing list archives

Re: D/DoS mitigation hardware/software needed.


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 5 Jan 2010 05:47:05 +0000


On Jan 5, 2010, at 12:39 PM, Stefan Fouant wrote:

> The trick is to try to automate as much around the process as possible - I've worked in environments where just
> making little changes to incident handling response methods reduced the time to mitigate an attack from hours to
> minutes, all the while still requiring an operator to press the "big red button" to offramp and enable the mitigation.

Concur 100% - and when the end-customer is under attack and screaming, this reduction in time to 
detect/classify/traceback/mitigate makes all the difference.

Your very salient comments highlight the paramount importance of preparation as the key enabling phase of the six-phase 
security incident-handling methodology:

1. Preparation.
2. Detection/identification.
3. Classification.
4. Traceback.
5. Reaction.
6. Post-mortem (feeding lessons learned back into the Preparation phase).

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken
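As an added illustration of the point made in this exchange (example code, not from the thread, from Arbor Networks, or from either poster): a toy loop that automates detection, classification and traceback over flow records and prepares the reaction, but applies nothing until an operator confirmation callback returns True. The flow record format, the 60-second window, the 100 pps baseline, the 10x alert factor, the peer names, the reflector port table and the "filter plus offramp" reaction are all assumptions; the flow records are constructed, not captured.

```python
"""Added example, not code from the NANOG thread or from Arbor Networks.

A toy detect / classify / traceback / react loop over constructed flow
records, with the mitigation gated behind an operator confirmation
callback (the "big red button"). Record format, thresholds, peer names
and the mitigation actions are all assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

WINDOW_S = 60                 # assumed export window of the flow records
BASELINE_PPS = 100            # assumed per-destination baseline (pps)
DETECT_FACTOR = 10            # alert when a window exceeds 10x baseline
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 161: "snmp", 1900: "ssdp", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str           # "tcp" / "udp" / "icmp"
    sport: int
    dport: int
    packets: int
    in_iface: str        # ingress peer/interface; used for traceback
    tcp_flags: str = ""  # "S" = SYN only, "A" = established traffic


# Constructed sample: normal traffic plus an NTP (UDP/123) reflection
# flood aimed at 203.0.113.10, arriving mostly via peer-b.
FLOWS = [
    Flow("192.0.2.1", "203.0.113.10", "tcp", 51000, 443, 120, "peer-a", "A"),
    Flow("192.0.2.2", "203.0.113.10", "tcp", 51001, 443, 80, "peer-a", "A"),
    Flow("192.0.2.3", "203.0.113.20", "udp", 50000, 53, 10, "peer-a"),
    Flow("192.0.2.4", "203.0.113.20", "tcp", 50001, 80, 300, "peer-b", "A"),
    Flow("198.51.100.5", "203.0.113.10", "udp", 123, 40000, 150000, "peer-b"),
    Flow("198.51.100.6", "203.0.113.10", "udp", 123, 40001, 140000, "peer-b"),
    Flow("198.51.100.7", "203.0.113.10", "udp", 123, 40002, 130000, "peer-b"),
    Flow("198.51.100.8", "203.0.113.10", "udp", 123, 40003, 80000, "peer-a"),
]


def _packets_by(flows, key):
    counts = defaultdict(int)
    for f in flows:
        counts[key(f)] += f.packets
    return counts


def detect(flows, baseline_pps=BASELINE_PPS):
    """Phase 2: destinations whose packet count this window exceeds the baseline."""
    limit = baseline_pps * WINDOW_S * DETECT_FACTOR
    per_dst = _packets_by(flows, lambda f: f.dst)
    return sorted(d for d, n in per_dst.items() if n > limit)


def classify(flows, dst):
    """Phase 3: identify the dominant vector so the filter can be surgical."""
    victim = [f for f in flows if f.dst == dst]
    total = sum(f.packets for f in victim)
    by_proto = _packets_by(victim, lambda f: f.proto)
    proto = max(by_proto, key=by_proto.get)
    if proto == "udp":
        by_sport = _packets_by([f for f in victim if f.proto == "udp"], lambda f: f.sport)
        sport = max(by_sport, key=by_sport.get)
        if sport in REFLECTOR_PORTS and by_sport[sport] >= 0.5 * total:
            return {"kind": "udp-reflection", "service": REFLECTOR_PORTS[sport],
                    "match": {"dst": dst, "proto": "udp", "sport": sport}}
    if proto == "tcp":
        syn = [f for f in victim if f.proto == "tcp" and f.tcp_flags == "S"]
        if sum(f.packets for f in syn) >= 0.5 * total:
            by_dport = _packets_by(syn, lambda f: f.dport)
            dport = max(by_dport, key=by_dport.get)
            return {"kind": "syn-flood",
                    "match": {"dst": dst, "proto": "tcp", "dport": dport, "flags": "S"}}
    return {"kind": "generic-volumetric", "match": {"dst": dst}}


def traceback(flows, dst):
    """Phase 4: which ingress peers carry the attack, largest contributor first."""
    per_iface = _packets_by([f for f in flows if f.dst == dst], lambda f: f.in_iface)
    return sorted(per_iface.items(), key=lambda kv: kv[1], reverse=True)


def propose(dst, classification, path):
    """Prepare the reaction: a surgical filter on the worst ingress plus an offramp of the /32."""
    return {
        "filter": dict(classification["match"], apply_on=path[0][0], action="discard"),
        "offramp": f"announce {dst}/32 toward the scrubbing center",
    }


def handle(flows, confirm, baseline_pps=BASELINE_PPS):
    """Run phases 2-5; phase 5 only fires when confirm(proposal) returns True."""
    summary = {"detected": detect(flows, baseline_pps), "classification": {},
               "traceback": {}, "proposal": {}, "applied": []}
    for dst in summary["detected"]:
        summary["classification"][dst] = classify(flows, dst)
        summary["traceback"][dst] = traceback(flows, dst)
        proposal = propose(dst, summary["classification"][dst], summary["traceback"][dst])
        summary["proposal"][dst] = proposal
        if confirm(proposal):            # the operator's big red button
            summary["applied"].append(dst)
    return summary


if __name__ == "__main__":
    import json
    # Everything up to the proposal is automatic; a human still says "y".
    ask = lambda p: input(f"Apply {json.dumps(p)}? [y/N] ").strip().lower() == "y"
    print(json.dumps(handle(FLOWS, ask), indent=2))
```

On the sample data the loop flags 203.0.113.10, classifies the flood as NTP reflection, ranks peer-b as the main ingress, and leaves the "applied" list empty until the confirmation callback says yes; swapping the interactive prompt for a ticketing or chat approval hook is the part that turns hours into minutes without removing the operator from the decision.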
