On 11/8/14 6:28 PM, Roland Dobbins wrote:
>
> On 9 Nov 2014, at 8:59, Frank Bulk wrote:
>
>> I've written it before: if there was a software feature in routers where I
>> could specify the maximum rate any prefix size (up to /32) could receive,
>> that would be very helpful.
>
> QoS generally isn't a suitable mechanism for DDoS mitigation, as the
> programmatically-generated attack traffic ends up 'crowding out'
> legitimate traffic.

if you can identify attack traffic well enough to police it reliably
then you can also drop it on the floor.

> S/RTBH, flowspec, and other methods tend to produce better results.

yup.

> -----------------------------------
> Roland Dobbins <rdobb...@arbor.net>
>
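
The 'crowding out' effect discussed in this thread, as an added example that is not part of the original messages: a small model comparing a per-destination-prefix policer with a source-based drop. All addresses, rates and the 99:1 traffic mix are constructed, and the source-based drop assumes the attack sources have been identified perfectly.

```python
from collections import Counter

# Constructed traffic toward one victim /32: in every 1 ms tick, 99 attack
# packets and 1 legitimate packet arrive; the legitimate packet's position
# in the tick rotates so it is not favoured or penalised by ordering.
ATTACK_SRCS = [f"198.51.100.{i}" for i in range(1, 100)]  # constructed sources
LEGIT_SRC = "192.0.2.10"                                  # constructed client

def traffic(ticks=1000):
    for t in range(ticks):
        pkts = list(ATTACK_SRCS)
        pkts.insert(t % 100, LEGIT_SRC)
        yield pkts

def police_prefix(ticks=1000, rate=10, burst=10):
    """Per-destination policer: a token bucket that cannot tell sources apart."""
    passed, tokens = Counter(), 0
    for pkts in traffic(ticks):
        tokens = min(burst, tokens + rate)   # refill once per tick
        for src in pkts:
            if tokens >= 1:
                tokens -= 1
                passed["legit" if src == LEGIT_SRC else "attack"] += 1
    return passed

def drop_by_source(ticks=1000, blackholed=frozenset(ATTACK_SRCS)):
    """Source-based drop (the idea behind S/RTBH): discard identified sources."""
    passed = Counter()
    for pkts in traffic(ticks):
        for src in pkts:
            if src not in blackholed:
                passed["legit" if src == LEGIT_SRC else "attack"] += 1
    return passed

def delivery_ratio(passed, ticks=1000):
    """Fraction of each class of packets that reached the victim."""
    return {"legit": passed["legit"] / ticks,
            "attack": passed["attack"] / (ticks * len(ATTACK_SRCS))}

if __name__ == "__main__":
    print("prefix policer:", delivery_ratio(police_prefix()))
    print("source drop   :", delivery_ratio(drop_by_source()))
```

The policer caps the load on the link but delivers the same fraction of legitimate packets as attack packets, while the source-based drop delivers all legitimate packets once the attack sources are known.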