North American Network Operators Group
Re: handling ddos attacks
At 12:00 PM 20-05-04 -0700, Wayne E. Bouchard wrote:
I too would be interested if someone could point to a good white paper for Cisco DDOS protection mechanisms and best practices in general.

For Cisco specific ideas try:
http://www.ripe.net/ripe/meetings/archive/ripe-41/tutorials/eof-ddos.pdf
specifically slides 86-92 and 105-127.

-Hank

On Thu, May 20, 2004 at 11:52:01AM -0700, Mark Kent wrote:
>
> I've been trying to find out what the current BCP is for handling ddos
> attacks. Mostly what I find is material about how to be a good
> net.citizen (we already are), how to tune a kernel to better withstand
> a syn flood, router stuff you can do to protect hosts behind it, how
> to track the attack back to the source, how to determine the nature of
> the traffic, etc.
>
> But I don't care about most of that. I care that a gazillion
> pps are crushing our border routers (7206/npe-g1).
>
> Other than getting bigger routers, is it still the case that the best
> we can do is identify the target IP (with netflow, for example) and
> have upstreams blackhole it?
>
> Thanks,
> -mark

---
Wayne Bouchard
firstname.lastname@example.org
Network Dude
http://www.typo.org/~web/
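
The step the question above describes (identify the target IP from flow data, then ask upstreams to blackhole it), sketched as an added example that is not part of any message in this thread. The CSV record layout, the sample flows, and the `min_pps` / `min_share` thresholds are constructed assumptions, not a real NetFlow export format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the thread). Assumed layout:
# src, dst, protocol, dst_port, packets, duration_seconds
SAMPLE_FLOWS = """\
198.51.100.7,192.0.2.10,6,80,90000,10
198.51.100.8,192.0.2.10,6,80,85000,10
203.0.113.5,192.0.2.10,6,80,120000,10
203.0.113.9,192.0.2.10,17,53,70000,10
198.51.100.7,192.0.2.25,6,443,400,10
203.0.113.77,192.0.2.31,6,25,150,10
"""

def parse_flows(text):
    """Parse the constructed CSV layout into dicts; addresses are validated."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, _proto, _dport, pkts, dur = line.split(",")
        flows.append({"src": ipaddress.ip_address(src),
                      "dst": ipaddress.ip_address(dst),
                      "packets": int(pkts),
                      "duration": float(dur)})
    return flows

def rank_destinations(flows):
    """Return [(dst, pps, distinct_sources)], highest packet rate first."""
    pps, sources = defaultdict(float), defaultdict(set)
    for f in flows:
        # Clamp very short flows to 1 s so they cannot inflate the rate.
        pps[f["dst"]] += f["packets"] / max(f["duration"], 1.0)
        sources[f["dst"]].add(f["src"])
    return sorted(((d, pps[d], len(sources[d])) for d in pps),
                  key=lambda row: row[1], reverse=True)

def blackhole_candidate(flows, min_pps=10000, min_share=0.8):
    """Return the host prefix to hand to upstreams, or None.

    A destination qualifies only if it exceeds min_pps AND carries at least
    min_share of all observed packets, so an evenly loaded network never
    yields a candidate. Both thresholds are hypothetical defaults.
    """
    ranked = rank_destinations(flows)
    total = sum(rate for _, rate, _ in ranked)
    if not ranked or total == 0:
        return None
    dst, rate, _ = ranked[0]
    if rate < min_pps or rate / total < min_share:
        return None
    return ipaddress.ip_network(f"{dst}/{dst.max_prefixlen}")
```

Blackholing the returned prefix drops all traffic to that address, legitimate traffic included, so the candidate should be confirmed by an operator before it is passed upstream.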