NORDNOG Archives

Subject: Re: Detecting dDoS?
From: Kurt Erik Lindqvist KPNQwest <[log in to unmask]>
Reply-To: Kurt Erik Lindqvist KPNQwest <[log in to unmask]>
Date: Tue, 9 Apr 2002 12:58:38 +0200

> Has anyone thought about detecting DoS attacks by measuring the packets per
> second counter and continuously comparing measurements, to be able to detect
> rapid changes?

We have tried a few approaches, limiting ICMP bandwidth and looking for
packet drops and just trying to pull ICMP packet amount out of the data.

Both have turned out to be pretty good to use as debugging tools (as was
noted during the last RIPE meeting...:) ), but as you note - triggering
alarms is trickier as you will see a lot of false ones.

Best regards,

- kurtis -
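
Added example, not part of the original message or of any tool the posters used: the packets-per-second comparison asked about above, computed from polled interface counters, next to a variant that alarms only on a sustained rise over a median baseline, to show where the false alarms mentioned in the reply come from. The 32-bit counter, the 10-second poll interval, the thresholds and all sample data are assumptions constructed for illustration.

```python
# Added example: constructed data, hypothetical names and thresholds.
from collections import deque
from statistics import median

WRAP = 2**32  # assumes 32-bit interface packet counters

def build_samples(pps_per_interval, start=WRAP - 50000, step=10):
    """Constructed (timestamp_s, counter) polls; the counter wraps once."""
    samples, counter = [(0, start)], start
    for i, pps in enumerate(pps_per_interval, 1):
        counter = (counter + pps * step) % WRAP
        samples.append((i * step, counter))
    return samples

def pps_from_counters(samples):
    """Turn successive counter polls into (timestamp, packets/second)."""
    return [(t1, ((c1 - c0) % WRAP) / (t1 - t0))
            for (t0, c0), (t1, c1) in zip(samples, samples[1:])]

def naive_alarms(rates, factor=3.0):
    """Alarm whenever pps exceeds factor x the previous measurement."""
    return [t for (_, prev), (t, cur) in zip(rates, rates[1:])
            if prev > 0 and cur > factor * prev]

def sustained_alarms(rates, factor=3.0, window=6, hold=3):
    """Alarm once pps has exceeded factor x a median baseline for `hold`
    consecutive polls; anomalous polls are kept out of the baseline."""
    history, alarms, streak = deque(maxlen=window), [], 0
    for t, cur in rates:
        if len(history) == window and cur > factor * median(history):
            streak += 1
            if streak == hold:
                alarms.append(t)
        else:
            streak = 0
            history.append(cur)
    return alarms

# Constructed traffic: ~1000 pps baseline, one 10 s burst, then a sustained flood.
PPS = [1000, 1100, 950, 1000, 1050, 1000, 5000, 1000, 1000, 1000,
       8000, 8000, 8000, 8000, 1000]
RATES = pps_from_counters(build_samples(PPS))

if __name__ == "__main__":
    print("naive:", naive_alarms(RATES))
    print("sustained:", sustained_alarms(RATES))
```

The naive comparison fires on the single short burst as well as on the flood; the sustained variant ignores the burst but reports the flood two polls later, which is the trade-off between false alarms and detection delay.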
