At 04:16 AM 02-05-02 +0000, Christopher L. Morrow wrote:
>What we use and we're a 'largeish' network: > >http://www.secsup.org/Tracking/ >(shameless plug #1) > >Among other things this is a tool we use... there was a great set of >slides and presentation given at NANOG23: > >http://www.nanog.org/mtg-0110/greene.html >(shameless plug #2) Shameless plug #3 from RIPE41: http://www.ripe.net/ripe/meetings/archive/ripe-41/tutorials/eof-ddos.pdf 155 slides - 2.3M -Hank Consultant Riverhead Networks (formerly Wanwall Networks) www.riverhead.com >There is also a set of papers Barry Greene from Cisco has available on the >Cisco website... I'm positive he'll respond to this with the link, if he >doesn't search the NANOG mailing list archive for the link it should be >obvious in posts from Barry. > >If you want more pointers I'd be glad to chat on the phone with you, >numbers included below. > > >--Chris >([EMAIL PROTECTED]) >####################################################### >## UUNET Technologies, Inc. ## >## Manager ## >## Customer Router Security Engineering Team ## >## (W)703-886-3823 (C)703-338-7319 ## >####################################################### > >On Wed, 1 May 2002, Pete Kruckenberg wrote: > > > > > There's been plenty of discussion about DDoS attacks, and my > > IDS system is darn good at identifying them. But what are > > effective methods for large service-provider networks (ie > > ones where a firewall at the front would not be possible) to > > deal with DDoS attacks? > > > > Current method of updating ACLs with the source and/or > > destination are slow and error-prone and hard to maintain > > (especially when the target of the attack is a site that > > users would like to access). > > > > A rather extensive survey of DDoS papers has not resulted in > > much on this topic. > > > > What processes and/or tools are large networks using to > > identify and limit the impact of DDoS attacks? > > > > Thanks. > > Pete. > > > >