Re: Guarding against DoS
In our setup, our clients call us because we are their upstream. We block it at our routers, then call our providers asking them to block it at their upstream. There is no way a client can refuse traffic (at least in most setups I've seen) without it passing through their port. The only option would be to allow colocate clients to have access to your routers for putting blocks in. Chris G. On Fri, 2 Jul 2004, Micah Anderson wrote: Lets suppose we get targeted for a DOS attack. We can pretty much assume this will eventually happen. If a colo'ed box gets hit with 20 mbps of incoming traffic, even if it ignores it all, then we might have to pay $2200 that month. That is not good! How can we keep ourselves from getting high bandwidth bills in a colo environment? If we block the traffic at a router in our rack, we've already received it and it has been counted. Is the only solution to catch it quickly and get the ISP to block it upstream? thanks, micah -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Guarding against DoS
Lets suppose we get targeted for a DOS attack. We can pretty much assume this will eventually happen. If a colo'ed box gets hit with 20 mbps of incoming traffic, even if it ignores it all, then we might have to pay $2200 that month. That is not good! How can we keep ourselves from getting high bandwidth bills in a colo environment? If we block the traffic at a router in our rack, we've already received it and it has been counted. Is the only solution to catch it quickly and get the ISP to block it upstream? thanks, micah
Re: Guarding against DoS
In our setup, our clients call us because we are their upstream. We block it at our routers, then call our providers asking them to block it at their upstream. There is no way a client can refuse traffic (at least in most setups I've seen) without it passing through their port. The only option would be to allow colocate clients to have access to your routers for putting blocks in. Chris G. On Fri, 2 Jul 2004, Micah Anderson wrote: Lets suppose we get targeted for a DOS attack. We can pretty much assume this will eventually happen. If a colo'ed box gets hit with 20 mbps of incoming traffic, even if it ignores it all, then we might have to pay $2200 that month. That is not good! How can we keep ourselves from getting high bandwidth bills in a colo environment? If we block the traffic at a router in our rack, we've already received it and it has been counted. Is the only solution to catch it quickly and get the ISP to block it upstream? thanks, micah -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Guarding against DoS
Lets suppose we get targeted for a DOS attack. We can pretty much assume this will eventually happen. If a colo'ed box gets hit with 20 mbps of incoming traffic, even if it ignores it all, then we might have to pay $2200 that month. That is not good! How can we keep ourselves from getting high bandwidth bills in a colo environment? If we block the traffic at a router in our rack, we've already received it and it has been counted. Is the only solution to catch it quickly and get the ISP to block it upstream? thanks, micah -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
