nanog mailing list archives
RE: DDOS, IDS, RTBH, and Rate limiting
From: "Frank Bulk" <frnkblk () iname com>
Date: Sat, 8 Nov 2014 23:31:31 -0600
But that's my point: many small operators don't have tools and/or staff to identify flows in order to police and/or drop the traffic, and definitely not a NOC that can intervene in under 5 minutes. How much simpler if there was a generic rule that said "no one IP can receive more than 200 Mbps", log on that, and then if it takes 30 or 90 minutes for someone to react, that's fine, but in the meantime other customers weren't affected.

Frank

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of joel jaeggli
Sent: Saturday, November 08, 2014 11:22 PM
To: Roland Dobbins; NANOG
Subject: Re: DDOS, IDS, RTBH, and Rate limiting

On 11/8/14 6:28 PM, Roland Dobbins wrote:
> On 9 Nov 2014, at 8:59, Frank Bulk wrote:
>
>> I've written it before: if there was a software feature in routers where I could specify the maximum rate any prefix size (up to /32) could receive, that would be very helpful.
>
> QoS generally isn't a suitable mechanism for DDoS mitigation, as the programmatically-generated attack traffic ends up 'crowding out' legitimate traffic.

if you can identify attack traffic well enough to police it reliably then you can also drop it on the floor.

> S/RTBH, flowspec, and other methods tend to produce better results.

yup.

> -----------------------------------
> Roland Dobbins <rdobbins () arbor net>
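
Added example, not part of the original thread or any participant's code: a small Python model of the two positions above. It aggregates constructed flow records per destination /32, flags destinations over the 200 Mbps figure from the message, and shows how much legitimate traffic toward that destination survives a policer that cannot tell flows apart. The 10-second window, the addresses, the byte counts and the proportional-drop policer model are assumptions.

```python
from collections import defaultdict

LIMIT_BPS = 200_000_000  # the "200 Mbps per IP" figure from the message
WINDOW_S = 10            # assumed measurement window, in seconds

# Constructed flow records: (dst_ip, src_ip, bytes in window, is_attack).
# is_attack is ground truth for this model only; a router would not know it.
FLOWS = [
    ("198.51.100.10", "203.0.113.5", 62_500_000, False),   # 50 Mbps legitimate
    ("198.51.100.10", "192.0.2.77", 1_187_500_000, True),  # 950 Mbps attack
    ("198.51.100.20", "203.0.113.9", 100_000_000, False),  # 80 Mbps legitimate
]

def per_destination_bps(flows, window_s=WINDOW_S):
    """Sum the bits per second received by each destination /32."""
    totals = defaultdict(int)
    for dst, _src, nbytes, _attack in flows:
        totals[dst] += nbytes * 8 // window_s
    return dict(totals)

def over_limit(flows, limit_bps=LIMIT_BPS):
    """Destinations whose aggregate rate exceeds the limit (the ones to log)."""
    return {d: r for d, r in per_destination_bps(flows).items() if r > limit_bps}

def legit_bps_after_policer(flows, dst, limit_bps=LIMIT_BPS, window_s=WINDOW_S):
    """Assumed policer model: drops are flow-blind, so every flow toward dst
    keeps the same fraction (limit / offered) of its traffic."""
    offered = per_destination_bps(flows, window_s)[dst]
    legit = sum(b * 8 // window_s for d, _s, b, a in flows if d == dst and not a)
    return legit * min(limit_bps, offered) // offered

if __name__ == "__main__":
    for dst, rate in over_limit(FLOWS).items():
        kept = legit_bps_after_policer(FLOWS, dst)
        print(f"LOG dst={dst} rate={rate // 10**6}Mbps "
              f"limit={LIMIT_BPS // 10**6}Mbps legit_after_policer={kept // 10**6}Mbps")
```

In this constructed case the capped destination keeps only 10 of its 50 Mbps of legitimate traffic, while the destination under the limit is untouched.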