LISTSERV mailing list manager LISTSERV 15.5

Help for NORDNOG Archives


NORDNOG Archives

NORDNOG Archives


View:

Next Message | Previous Message
Next in Topic | Previous in Topic
Next by Same Author | Previous by Same Author
Chronologically | Most Recent First
Proportional Font | Monospaced Font

Options:

Join or Leave NORDNOG
Reply | Post New Message
Search Archives


Subject: Re: Detecting dDoS?
From: Kurt Erik Lindqvist KPNQwest <[log in to unmask]>
Reply-To:Kurt Erik Lindqvist KPNQwest <[log in to unmask]>
Date:Tue, 9 Apr 2002 12:58:38 +0200
Content-Type:TEXT/PLAIN
Parts/Attachments:
Parts/Attachments

TEXT/PLAIN (16 lines)


> Has anyone thought about detecting DoS attacks by measuring the packets per
> second counter and continously comparing measurements, to be able to detect
> rapid changes?


We have tried a few approaches, limiting ICMP bandwidht and looking for
packet drops and just trying to pull ICMP packet amount out of the data
flows.

Both have turned out to be pretty good to use as debugging tools (as was
noted during the last RIPE meeting...:) ), but as you note - triggering
alarms is trickier as you will see a lot of false ones.

Best regards,

- kurtis -

Back to: Top of Message | Previous Page | Main NORDNOG Page

Permalink



LISTSRV.NORDU.NET

CataList Email List Search Powered by the LISTSERV Email List Manager