--On Tuesday, April 09, 2002 08:55:58 +0300 Huopio Kauto
<[log in to unmask]> wrote:
> Regarding DDoS..
> It could be very interesting to coordinate a nordic approach
> to DDoS source tracing...so that once alerted, a cross-provider
> network of NOC:s could trace a DDoS source inside Nordic IP network
> footprint in minutes. Any sense on this?
Certainly. The first step in doing so is information. Both Nordunet and
Sunet, whose operations I'm involved in, make extensive network information
available publically, including load graphs for individual WAN links. These
are often our best tools in looking where things come from.
For Sunet, look at http://stats.sunet.se/
For Nordunet, go to http://www.nordu.net/stats/
Both these systems are by Håvard Eidnes, with lots of modifications and
daily updates by KTHNOC, which operates both networks.
The software is available, take a look at the pages for links.
And yes, I'm aware that perhaps only research nets can publish the data
like this, but it is still a very useful tool, and a good example is made
Måns Nilsson Systems Specialist
+46 70 681 7204 KTHNOC MN1334-RIPE
We're sysadmins. To us, data is a protocol-overhead.