[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DDOS, IDS, RTBH, and Rate limiting

Subject: DDOS, IDS, RTBH, and Rate limiting
From: rdobbins at arbor.net (Roland Dobbins)
Date: Sun, 09 Nov 2014 10:27:27 +0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]>

On 9 Nov 2014, at 10:12, Jon Lewis wrote:

> The tricky part is when to remove the route...since you can't tell if 
> the attack has ended while the target is black holed by your 
> upstreams.

You can with NetFlow, if you've D/RTBHed the IP in question on your own 
infrastructure.  NetFlow reports statistics on dropped traffic (except 
on a few platforms with implementation deficiencies).

But this kind of thing punishes the victim.  It's far better to do 
everything possible to *protect* the target(s) of an attack, and only 
use D/RTBH as a last resort.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>

Follow-Ups:
- DDOS, IDS, RTBH, and Rate limiting
  - From: jlewis at lewis.org (Jon Lewis)

References:
- DDOS, IDS, RTBH, and Rate limiting
  - From: eric at ericheather.com (Eric C. Miller)
- DDOS, IDS, RTBH, and Rate limiting
  - From: mfidelman at meetinghouse.net (Miles Fidelman)
- DDOS, IDS, RTBH, and Rate limiting
  - From: jlewis at lewis.org (Jon Lewis)

Prev by Date: DDOS, IDS, RTBH, and Rate limiting
Next by Date: DDOS, IDS, RTBH, and Rate limiting
Previous by thread: DDOS, IDS, RTBH, and Rate limiting
Next by thread: DDOS, IDS, RTBH, and Rate limiting
Index(es):
- Date
- Thread