nanog mailing list archives

Re: BGP FlowSpec


From: dennis <dennis () justipit com>
Date: Fri, 29 Apr 2016 06:08:53 -0700


Hi
Amplification attacks and SYN floods are just touching the surface of DDoS attack vectors. You should look into some industry reports. Here are a couple of examples to get you started:
https://www.radware.com/ert-report-2015/
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

Sent via the Samsung GALAXY S® 5, an AT&T 4G LTE smartphone

-------- Original message --------
From: Martin Bacher <ti14m028 () technikum-wien at> 
Date: 4/29/2016  2:02 AM  (GMT-08:00) 
To: Tyler Haske <tyler.haske () gmail com> 
Cc: NANOG list <nanog () nanog org> 
Subject: Re: BGP FlowSpec 

Hello Tyler,

thanks for your reply.

On 28.04.2016 at 17:37, Tyler Haske <tyler.haske () gmail com> wrote:

> Martin,


>> Last but not least: I am also looking for anonymized statistical data about DDoS attacks which I could use in the thesis. I am mainly interested in data about the type of attacks, attack time, sources, source and destination ports, and so on. I know this is something which is generally not shared, so I would really appreciate it if someone would be able to share such data.

> Many companies are extremely reluctant to share their attack data. But that's OK, because there are other ways to get it.
>
> Have you investigated backscatter analysis? It's used to see ongoing and current Internet scope DDoS attacks.
I just had a look at that and thought that it is only able to detect some of the attacks. You might not detect large state-of-the-art reflection and amplification attacks with that method. But I think it is useful for some sorts of attacks like SYN floods. Do you agree?


> Inferring Internet Denial of Service Activity
> https://cseweb.ucsd.edu/~savage/papers/UsenixSec01.pdf
>
> Analyzing Large DDoS Attacks Using Multiple Data Sources
> https://www.cs.utah.edu/~kobus/docs/ddos.lsad.pdf
>
> ISP Security - Real World Techniques
> https://www.nanog.org/meetings/nanog23/presentations/greene.ppt
>
> A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment
> https://www.sans.org/reading-room/whitepapers/intrusion/summary-dos-ddos-prevention-monitoring-mitigation-techniques-service-provider-enviro-1212

> Maybe you have access to some public IPs; then you can do this data collection yourself.
Sure, I will definitely think about that.

Thanks again for your reply and for providing the links.

Greetings,
Martin


> Regards,
>
> Tyler


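Added example, not code from this thread or from any of the papers it links: a small backscatter classifier in Python run over a constructed darknet trace. It illustrates the point debated above. A SYN flood whose source addresses are forged uniformly at random makes the victim send SYN-ACKs to addresses all over the Internet, so a monitored unused prefix (a darknet) catches a sample of them; a reflection or amplification attack forges only the victim's address, so the reflectors' replies go to the victim and the darknet sees nothing. The darknet prefix 203.0.113.0/24, the event thresholds and every packet in the trace are assumptions constructed for the example. The rate estimate (observed backscatter rate scaled by 2^32 over the number of monitored addresses, valid only under the uniform-spoofing assumption) follows the "Inferring Internet Denial of Service Activity" paper linked above.

```python
"""Backscatter analysis over a constructed darknet trace (added example)."""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress
import random

# Assumption: we passively monitor this unused /24 (TEST-NET-3). Nothing
# legitimate should ever be sent to it, so what arrives is noise or backscatter.
DARKNET = ipaddress.ip_network("203.0.113.0/24")
MONITORED_ADDRS = DARKNET.num_addresses   # 256 addresses watched
IPV4_SPACE = 2 ** 32


@dataclass(frozen=True)
class Packet:
    ts: float            # capture time in seconds
    src: str             # source address as seen on the wire
    dst: str             # destination address (we only keep darknet-bound ones)
    proto: str           # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    tcp_flags: str = ""  # e.g. "S", "SA", "R", "RA"; empty for non-TCP
    icmp_type: int = -1  # 3 = destination unreachable, 11 = time exceeded


def is_backscatter(pkt: Packet) -> bool:
    """True for the unsolicited replies a flooded host sends to forged sources.

    Following Moore et al.: TCP SYN-ACK / RST and ICMP unreachable or
    time-exceeded arriving at addresses that never sent anything.
    """
    if ipaddress.ip_address(pkt.dst) not in DARKNET:
        return False
    if pkt.proto == "tcp":
        return pkt.tcp_flags in {"SA", "R", "RA"}
    if pkt.proto == "icmp":
        return pkt.icmp_type in {3, 11}
    return False


def infer_attacks(packets, min_packets=20, min_dsts=5):
    """Group backscatter by (victim address, victim port) and return attack events.

    Thresholds are constructed: a real flood with random spoofing spreads replies
    over many darknet addresses; a single stray RST or a scanner does not.
    """
    groups = defaultdict(list)
    for p in packets:
        if is_backscatter(p):
            groups[(p.src, p.sport)].append(p)
    events = []
    for (victim, port), pkts in groups.items():
        dsts = {p.dst for p in pkts}
        if len(pkts) < min_packets or len(dsts) < min_dsts:
            continue
        duration = max(p.ts for p in pkts) - min(p.ts for p in pkts)
        observed_pps = len(pkts) / duration if duration > 0 else float(len(pkts))
        # We see only the fraction of forged sources that fall inside our prefix;
        # scale up assuming sources were drawn uniformly from the whole IPv4 space.
        est_pps = observed_pps * IPV4_SPACE / MONITORED_ADDRS
        events.append({
            "victim": victim, "port": port, "observed": len(pkts),
            "distinct_darknet_dsts": len(dsts),
            "estimated_attack_pps": round(est_pps),
        })
    return sorted(events, key=lambda e: -e["observed"])


def constructed_trace():
    """Constructed sample capture (not real data): what the darknet would see."""
    rng = random.Random(1)  # fixed seed so the trace is reproducible
    hosts = [str(h) for h in DARKNET.hosts()]
    pkts = []
    # 1) SYN flood on 198.51.100.10:80 with random forged sources: the victim's
    #    SYN-ACKs land on whichever forged addresses fall inside our darknet.
    for i in range(60):
        pkts.append(Packet(ts=i * 0.1, src="198.51.100.10", dst=rng.choice(hosts),
                           proto="tcp", sport=80, dport=rng.randrange(1024, 65535),
                           tcp_flags="SA"))
    # 2) DNS amplification on 198.51.100.20: reflectors answer the forged victim
    #    address, so nothing from that attack ever reaches the darknet. Nothing
    #    is appended here, which is exactly the blind spot of the method.
    # 3) Background noise: a scanner's own SYNs (not replies) and one stray RST.
    for i in range(10):
        pkts.append(Packet(ts=float(i), src="192.0.2.77", dst=hosts[i],
                           proto="tcp", sport=40000 + i, dport=22, tcp_flags="S"))
    pkts.append(Packet(ts=3.0, src="192.0.2.9", dst=hosts[0], proto="tcp",
                       sport=443, dport=5555, tcp_flags="R"))
    return pkts


if __name__ == "__main__":
    for event in infer_attacks(constructed_trace()):
        print(event)
```

Running it reports a single event against 198.51.100.10:80 with 60 observed packets and an estimated attack rate in the hundreds of millions of packets per second, while the amplification victim never appears; the scanner's SYNs and the lone RST are filtered by the flag check and the thresholds.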

