LISTSERV mailing list manager LISTSERV 15.5

Help for NORDNOG Archives

NORDNOG Archives

NORDNOG Archives


Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font


Join or Leave NORDNOG
Reply | Post New Message
Search Archives

Subject: Re: Detecting dDoS?
From: Måns Nilsson <[log in to unmask]>
Reply-To:Network management discussion for Nordic region <[log in to unmask]>
Date:Tue, 9 Apr 2002 08:50:29 +0200

text/plain (31 lines)

--On Tuesday, April 09, 2002 08:55:58 +0300 Huopio Kauto
<[log in to unmask]> wrote:

> Regarding DDoS..
> It could be very interesting to coordinate a nordic approach
> to DDoS source that once alerted, a cross-provider
> network of NOC:s could trace a DDoS source inside Nordic IP network
> footprint in minutes. Any sense on this?

Certainly. The first step in doing so is information. Both Nordunet and
Sunet, whose operations I'm involved in, make extensive network information
available publically, including load graphs for individual WAN links. These
are often our best tools in looking where things come from.

For Sunet, look at
For Nordunet, go to

Both these systems are by Håvard Eidnes, with lots of modifications and
daily updates by KTHNOC, which operates both networks.

The software is available, take a look at the pages for links.

And yes, I'm aware that perhaps only research nets can publish the data
like this, but it is still a very useful tool, and a good example is made
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

Back to: Top of Message | Previous Page | Main NORDNOG Page



CataList Email List Search Powered by the LISTSERV Email List Manager