nanog mailing list archives

RE: DDoS attacks

From: Brad <brad () americanisp net>
Date: Thu, 12 Jul 2001 19:07:33 -0600 (MDT)


On Thu, 12 Jul 2001, Dan Hollis wrote:

On Thu, 12 Jul 2001, Brad wrote:

Sorry- but after doing all of that, DDoS attacks still
saturate even the largest circuits- thus denying the
service.


It is not perfect, but it does help.

Of course there are those who take the approach "it is not a perfect
solution so we will not bother filtering anything at all".


Well- I have a little experience with this, and from that
experience I have noticed that DDoS attacks can often
saturate the circuits to the point of BGP failure.  Of
course- null-routing the target address does help with the
CPU overhead a little.. However the service is effectivly
shut off by that point anyway.

-Dan


---
Brad Baker
Director: Network Operations
American ISP
brad () americanisp net
+1 303 984 5700 x12
http://www.americanisp.net/

Current thread:

Re: DDoS attacks, (continued)
- - - Re: DDoS attacks Mitch Halmu (Jul 12)
    - Re: DDoS attacks Scott Francis (Jul 12)
    - Re: DDoS attacks Jim Shankland (Jul 12)
- RE: DDoS attacks Roeland Meyer (Jul 11)
- RE: DDoS attacks Roeland Meyer (Jul 12)
  - RE: DDoS attacks Brad (Jul 12)
    - Speaking of DDoS attacks Robert Cannon (Jul 12)
  - RE: DDoS attacks David Harmelin (Jul 12)
    - RE: DDoS attacks Brad (Jul 12)
    - RE: DDoS attacks Dan Hollis (Jul 12)
    - RE: DDoS attacks Brad (Jul 12)
  - Re: DDoS attacks Alexei Roudnev (Jul 12)
    - Re: DDoS attacks up (Jul 12)
    - Re: DDoS attacks Rafi Sadowsky (Jul 12)
    - Re: DDoS attacks Alexei Roudnev (Jul 12)
    - Re: DDoS attacks Alexei Roudnev (Jul 12)
- Re: DDoS attacks Adam Herscher (Jul 12)
- RE: DDoS attacks Roeland Meyer (Jul 15)
  - RE: DDoS attacks Greg A. Woods (Jul 15)