nanog mailing list archives
RE: D/DoS mitigation hardware/software needed.
From: "Stefan Fouant" <sfouant () shortestpathfirst net>
Date: Tue, 5 Jan 2010 00:39:46 -0500
-----Original Message-----
From: Suresh Ramasubramanian [mailto:ops.lists () gmail com]
Sent: Tuesday, January 05, 2010 12:19 AM

On Tue, Jan 5, 2010 at 10:38 AM, Dobbins, Roland <rdobbins () arbor net> wrote:

Additional mitigation would be via manual or automatic RTBH or security/abuse@ involvement with upstreams.

Automagic is generally bad, as it can be gamed.

... and manual won't scale in ddos

There are pros and cons to each approach. Certain types of things can be automated, in fact I've done this using the Auto-mitigate feature in Arbor coupled with pre-configured mitigation templates for certain types of traffic and it works very well. But generally, as Roland mentioned, automagic stuff can be gamed and for the majority of the stuff you are going to want an operator to look at the alert before making the decision to offramp. The trick is to try to automate as much around the process as possible - I've worked in environments where just making little changes to incident handling response methods reduced the time to mitigate an attack from hours to minutes, all the while still requiring an operator to press the "big red button" to offramp and enable the mitigation.

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D