[AusNOG] DDoS Attacks - Painful and Persistent.

Matt Shadbolt matt.shadbolt at gmail.com
Mon Aug 10 16:00:57 EST 2009


Have you established WHY you're the target of the DDoS's?

matt

On Mon, Aug 10, 2009 at 3:22 PM, Roland Dobbins <rdobbins at arbor.net> wrote:

>
> On Aug 10, 2009, at 12:08 PM, Nick Brown wrote:
>
> >  I'm interested to hear if anyone here has been in the situation
> > previously, and how you handled it
>
>
> Have you implemented S/RTBH at your edges?  If so, you can blackhole
> based upon source addresses, not just destinations.
>
> Have you implemented NetFlow export into an appropriate analysis
> toolset, so as to provide detection/classification/traceback
> visibility (full disclosure; I work for a vendor which produces
> commercial NetFlow analysis tools, but note that there are several
> open-source tools available)?
>
> Do you have communication paths and relationships established with the
> relevant folks at your peers/upstreams/downstreams/end-customers so
> that you can reach out to them in order to get them to filter within
> their networks?
>
> Have you scaled and functionally bulkheaded your DNS infrastructure?
>
> Have you implemented reverse proxy-caches in front of all Web-based
> properties?
>
> Have you implemented tcpwrappers, mod_evasive, mod_security?
>
> Have you implemented an intelligent DDoS mitigation system, or IDMS
> (full disclosure; I work for a vendor which makes such systems)?
>
> Have you joined the relevant opsec mitigation communities which allow
> providers to collaborate in handling security events such as DDoS
> attacks?
>
> Can you provide details of the attack traffic/methodologies?  This
> will help folks to provide more situationally-specific advice.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
>         Unfortunately, inefficiency scales really well.
>
>                   -- Kevin Lawton