[AusNOG] DDOS mitigation

James Braunegg james.braunegg at micron21.com
Mon May 13 08:59:03 EST 2013


Dear Roland

Maybe I was a little brief in my last reply.... QOS and DDoS I agree is a bad idea... but QOS for outbound traffic from a server which is say part of a botnet can help make sure the server doesn't saturate its uplink port (physical uplink port on the server to the switch) which was more my point.

Thus limiting bandwidth to allow administration in the case something slips through the cracks from a compromised website.... (assuming you don't have a management network or remote access card)

Kindest Regards


James Braunegg
W:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg at micron21.com  |  ABN:  12 109 977 666   





-----Original Message-----
From: Roland Dobbins [mailto:rdobbins at arbor.net] 
Sent: Monday, May 13, 2013 1:02 AM
To: James Braunegg; Matt Palmer; ausnog at lists.ausnog.net
Subject: Re: [AusNOG] DDOS mitigation



James Braunegg <james.braunegg at micron21.com> wrote:

>I find for compromised website servers etc you can assist by using QOS
>to rate limit say based on matching UDP, ICMP and TCP traffic along
>with packet storm control to limit the number of packets coming from a
>particular server at the switch port level (assuming you have full
>layer 3 functions on your top of rack switch) allowing you to isolate
>the script without causing a lot of damage to your network.

Using QoS mechanisms to try and mitigate DDoS attacks generally doesn't work very well - the programmatically-generated attack traffic ends up 'crowding out' the legitimate traffic.

---------------------------------------
Roland Dobbins <rdobbins at arbor.net>
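
The trade-off discussed in this thread, as an added simulation that is not part of either message: a token-bucket policer on the server's switch port holds the uplink under the configured cap, but any admin traffic matched by the same policer as the flood is forwarded only in proportion to its share of the offered load. The rates, packet sizes, per-protocol split and function names are constructed for illustration and do not model any particular switch.

```python
import random

def police(packets, rate_bps, burst_bytes):
    """Single-rate token-bucket policer over time-sorted (t, size, flow) tuples.
    Returns {flow: [offered_bytes, passed_bytes]}."""
    tokens, last, stats = float(burst_bytes), 0.0, {}
    for t, size, flow in packets:
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        counters = stats.setdefault(flow, [0, 0])
        counters[0] += size
        if tokens >= size:          # conforming: forward and spend tokens
            tokens -= size
            counters[1] += size     # non-conforming packets are dropped
    return stats

def poisson_flow(rate_bps, size, flow, duration, rng):
    """Constructed traffic: Poisson arrivals of fixed-size packets."""
    t, out = 0.0, []
    while rate_bps > 0:
        t += rng.expovariate(rate_bps / 8 / size)   # mean gap = 1 / pps
        if t >= duration:
            break
        out.append((t, size, flow))
    return out

def simulate(flood_proto, per_proto, seed=1, duration=2.0, cap_bps=100e6):
    """Admin session: 5 Mb/s TCP. Compromised script: 900 Mb/s of flood_proto.
    Returns (total forwarded bit/s, fraction of admin bytes forwarded)."""
    rng = random.Random(seed)
    pkts = sorted(poisson_flow(5e6, 1250, ("tcp", "admin"), duration, rng)
                  + poisson_flow(900e6, 1250, (flood_proto, "flood"), duration, rng))
    # Aggregate: one policer for the whole port. Per-proto: one per protocol.
    groups = {}
    for p in pkts:
        groups.setdefault(p[2][0] if per_proto else "all", []).append(p)
    rate = cap_bps / 2 if per_proto else cap_bps
    passed, admin = 0, [0, 0]
    for group in groups.values():
        for flow, (off, ok) in police(group, rate, 125_000).items():
            passed += ok
            if flow[1] == "admin":
                admin = [off, ok]
    return passed * 8 / duration, admin[1] / admin[0]

if __name__ == "__main__":
    for proto, split in (("udp", False), ("udp", True), ("tcp", True)):
        print(proto, split, simulate(proto, split))
```

With a UDP flood and separate per-protocol policers the admin TCP session is untouched; when the flood is in the same class as the admin traffic, the policer still protects the uplink but most admin packets are dropped.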

