nanog mailing list archives

Re: OBESEUS - A new type of DDOS protector


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Tue, 16 Mar 2010 13:35:43 +0000


On Mar 16, 2010, at 11:30 AM, Guillaume FORTAINE wrote:

> What do you think about Obeseus?

Flow telemetry has demonstrated its extraordinary utility to network operators worldwide over the last decade, and 
continued advances such as Cisco's Flexible NetFlow and the IETF IPFIX/PSAMP effort signify that this is the broad 
consensus of the operational community.  

Scalability in terms of logically centralized detection/classification/traceback and minimizing the insertion of 
additional hardware devices into the network should be core design principles of any operationally viable solution in 
this space.

Volume is only one input into an operationally viable detection/classification system.

Traceback is also very important from an operational perspective.

ASIC-based edge routers do an excellent job of mitigating simple high-pps packet-flooding attacks via D/RTBH, S/RTBH 
and flowspec - again, the utility of these techniques has been validated by the operational community.

Layer-7 attacks against various types of services/apps can achieve significant amplification effects and 
disproportionate impact, are increasing in frequency and impact, and therefore must be addressed by any operationally 
viable solution in this space.

I believe that an effective and operationally useful open-source solution for basic DDoS 
detection/classification/traceback/mitigation can be implemented using existing widely-used and -understood 
tools/techniques as described here:

<http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken




