LISTSERV mailing list manager LISTSERV 15.5

Help for NORDNOG Archives


NORDNOG Archives

NORDNOG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave NORDNOG
Reply | Post New Message
Search Archives


Subject: Re: Detecting dDoS?
From: Måns Nilsson <[log in to unmask]>
Reply-To:Network management discussion for Nordic region <[log in to unmask]>
Date:Tue, 9 Apr 2002 08:50:29 +0200
Content-Type:text/plain
Parts/Attachments:
Parts/Attachments

text/plain (31 lines)


--On Tuesday, April 09, 2002 08:55:58 +0300 Huopio Kauto
<[log in to unmask]> wrote:

> Regarding DDoS..
>
> It could be very interesting to coordinate a nordic approach
> to DDoS source tracing...so that once alerted, a cross-provider
> network of NOC:s could trace a DDoS source inside Nordic IP network
> footprint in minutes. Any sense on this?

Certainly. The first step in doing so is information. Both Nordunet and
Sunet, whose operations I'm involved in, make extensive network information
available publically, including load graphs for individual WAN links. These
are often our best tools in looking where things come from.

For Sunet, look at http://stats.sunet.se/
For Nordunet, go to http://www.nordu.net/stats/

Both these systems are by Håvard Eidnes, with lots of modifications and
daily updates by KTHNOC, which operates both networks.

The software is available, take a look at the pages for links.

And yes, I'm aware that perhaps only research nets can publish the data
like this, but it is still a very useful tool, and a good example is made
;-)
--
Måns Nilsson            Systems Specialist
+46 70 681 7204         KTHNOC  MN1334-RIPE

We're sysadmins. To us, data is a protocol-overhead.

Back to: Top of Message | Previous Page | Main NORDNOG Page

Permalink



LISTSRV.NORDU.NET

CataList Email List Search Powered by the LISTSERV Email List Manager