Pavel, what kind of resources does the analysis of a 100G circuit require? Or is it just counting packets?

On Tue, Jul 21, 2015 at 8:11 AM, Pavel Odintsov <pavel.odint...@gmail.com> wrote:

> You could do SQC with FastNetMon. We have per subnet / per host and
> per protocol counters. We are working on multi 100GE mode very well :)
>
> On Tue, Jul 21, 2015 at 4:07 PM, Rafael Possamai <raf...@gav.ufsc.br> wrote:
> > Has anyone tried to implement real-time SQC in their network? You can
> > calculate summary statistics and use math to determine if traffic is
> > "normal" or if there's a chance it's garbage. You won't be able to notice
> > one-off attacks, but anything that repeats enough times should pop up.
> > Facebook uses similar technology to figure out what kind of useless news to
> > display on your feed.
> >
> > In summary, instead of blocking an entire country, we should be able to
> > analyze traffic as it comes, and determine a DDoS attack without human
> > intervention.
> >
> > On Tue, Jul 21, 2015 at 7:43 AM, Jared Mauch <ja...@puck.nether.net> wrote:
> >
> >> On Tue, Jul 21, 2015 at 08:09:56AM -0400, Curtis Maurand wrote:
> >> >
> >> > DNS is still largely UDP.
> >>
> >> Water is also still wet :) - but you may not be doing 10% of your
> >> links as UDP/53.
> >>
> >> DNS can also use TCP as well, including sending more than one
> >> query in a pipelined fashion.
> >>
> >> The challenge that Cameron is trying to document here
> >> is when seeing large volumes of UDP it becomes necessary to do
> >> something to keep the network up. This response is frustrating for those
> >> of us who prefer to have an unfiltered e2e network but maintaining
> >> the network as up in the face of these adverse conditions is important.
> >>
> >> - Jared
> >>
> >> >
> >> > --Curtis
> >> >
> >> > On 7/20/2015 5:40 PM, Ca By wrote:
> >> > >Folks, it may be time to take the next step and admit that UDP is too
> >> > >broken to support
> >> > >
> >> > >https://tools.ietf.org/html/draft-byrne-opsec-udp-advisory-00
> >> > >
> >> > >Your comments have been requested
> >> > >
> >> > >On Mon, Jul 20, 2015 at 8:57 AM, Drew Weaver <drew.wea...@thenap.com> wrote:
> >> > >
> >> > >>Has anyone else seen a massive amount of illegitimate UDP 1720 traffic
> >> > >>coming from China being sent towards IP addresses which provide VoIP
> >> > >>services?
> >> > >>
> >> > >>I'm talking in the 20-30Gbps range?
> >> > >>
> >> > >>The first incident was yesterday at around 13:00 EST, the second incident
> >> > >>was today at 09:00 EST.
> >> > >>
> >> > >>I'm assuming this is just another DDoS like all others, but I would be
> >> > >>interested to hear if I am not the only one seeing this.
> >> > >>
> >> > >>On list or off-list is fine.
> >> > >>
> >> > >>Thanks,
> >> > >>-Drew
> >> >
> >> > --
> >> > Best Regards
> >> > Curtis Maurand
> >> > Principal
> >> > Xyonet Web Hosting
> >> > mailto:cmaur...@xyonet.com
> >> > http://www.xyonet.com
> >>
> >> --
> >> Jared Mauch | pgp key available via finger from ja...@puck.nether.net
> >> clue++; | http://puck.nether.net/~jared/ My statements are only mine.
>
> --
> Sincerely yours, Pavel Odintsov
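
The SQC idea discussed in the thread, applied to per-subnet / per-protocol counters, as an added example that is not part of any message above and is not FastNetMon code. It assumes an EWMA control chart as the SQC method; the class and function names, the 192.0.2.0/24 prefix and all packet rates are constructed for illustration.

```python
import math
import statistics

class EwmaChart:
    """EWMA control chart for one counter, e.g. UDP packets/s toward one subnet."""

    def __init__(self, baseline, lam=0.2, width=3.0):
        self.mu = statistics.fmean(baseline)      # in-control mean
        self.sigma = statistics.stdev(baseline)   # in-control standard deviation
        self.lam = lam                            # weight of the newest sample
        self.z = self.mu                          # EWMA statistic starts at the mean
        # Asymptotic upper control limit of the EWMA statistic.
        self.ucl = self.mu + width * self.sigma * math.sqrt(lam / (2 - lam))

    def update(self, x):
        """Fold in one sample; return True when the chart is out of control."""
        self.z = self.lam * x + (1 - self.lam) * self.z
        return self.z > self.ucl

def monitor(baselines, stream):
    """baselines: {key: [samples]}; stream: list of {key: sample}, one per tick.
    Returns (tick, key) for every tick at which a counter is out of control."""
    charts = {key: EwmaChart(hist) for key, hist in baselines.items()}
    alarms = []
    for tick, counters in enumerate(stream):
        for key, value in counters.items():
            if key in charts and charts[key].update(value):
                alarms.append((tick, key))
    return alarms

# Constructed sample data (packets/s), not taken from the thread.
QUIET = [1000, 1040, 980, 1010, 960, 1020, 990, 1000]
UDP, TCP = ("192.0.2.0/24", "udp"), ("192.0.2.0/24", "tcp")
BASELINES = {UDP: QUIET, TCP: QUIET}
STREAM = [
    {UDP: 1000, TCP: 1000},
    {UDP: 1060, TCP: 1100},   # TCP: one-off spike; UDP: sustained shift begins
    {UDP: 1060, TCP: 1000},
    {UDP: 1060, TCP: 1000},
    {UDP: 1060, TCP: 1000},
]

if __name__ == "__main__":
    for tick, key in monitor(BASELINES, STREAM):
        print(f"tick {tick}: {key[0]} {key[1]} out of control")
```

With this data the single TCP spike is damped and never alarms, while the UDP shift, whose individual samples each stay below a per-sample 3-sigma limit, trips the chart on its third consecutive elevated sample.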