North American Network Operators Group

Re: DOS attack tracing

  • From: Suresh Ramasubramanian
  • Date: Tue May 10 05:06:19 2005

Quite decent suggestions

On 5/10/05, Kim Onnel <karim.adel@gmail.com> wrote:
> 3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
> & analyzers
> 4) Apply Ingress/Egress Filtering: RFC 2827, uRPF, Team Cymru IOS template
> 5) Monitor CPU/Netflow table size using SNMP
> 6) Request a blackholing BGP community from your upstream provider.

You start with #4, first of all.  Then get #6.  Then put #2 and #5 in place.

After that, you get one or the other of these, if you can push through
a budget for expensive kit.

> 1) Get 'Cisco guard' , too expensive ?
> 2) Get Arbor, Stealthflow, Esphion, too expensive ?

--srs
-- 
Suresh Ramasubramanian (ops.lists@gmail.com)