Hey Ferg,
when you get some boxes to play with I'd be happy to help
load them with
a 10G DDoS; it would be phun...
I'd also be interested to work with researchers on
instrumenting the
attack. I think I know how to pitch one, just never had a
willing catcher.
I'd especially enjoy it if you could publish your results
of such research.
best,
-rick
Fergie wrote:
> So, it would appear to me that simply analyzing netflow
data, etc.,
> at the time of a (D)DoS attack, and then black-holing
(by hand) the
> offending source addresses may not be the most scalable
and
> efficient way of
dealing/coping/mitigating/staying-on-the-air
> during an attack.
>
> Of course, depending where you are on the food chain,
the resources
> one is trying to protect, the volume of DDoS traffic,
etc, plays into
> the equation, etc.
>
> I was looking to see what opinions folks on the list
may have on
> the DDoS "appliance" vendor products
available -- I'm particularly
> looking for a stand-alone (or in conjunction with a
'traffic analysis'
> box) to off-load DoS "mitigation" --
real-world experiences welcome.
>
> Please direct responses to me off-list, or not...
>
> Thanks,
>
> - ferg
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspo
t.com/
>
|