We´ve been shipping product that can be configured to accomplish this
since last week. You don´t neccessarily have to put it in your packet path if you
have capable enough box (like any Junos box) to automatically get
Contact me privately for a sales pitch :-)
> Has anyone ever considered designing a dynamic traffic shaping filter to
> prevent DOS attacks?
> The idea is to combine a traffic shaper/rate limiter with a database
> of info on what systems a host usually talks to and if a traffic pattern
> appears that diverges significantly from the "usual" pattern, then
> surplus traffic gets dropped. This software is installed on a physical
> machine that acts as gateway for the system(s) that is/are to be
> I mentioned this idea to Lars-Johan Liman (who runs the swedish root
> server) after the much-publicised attack on the root servers earlier
> and he didn't seem to know of anything similar that existed.
> On Thu, 27 Feb 2003, Kurt Erik Lindqvist wrote:
> > On torsdag, feb 27, 2003, at 16:48 Europe/Stockholm, amar wrote:
> > > From NaNog:
> > >
> > >> RIPE NCC just sent an email to the AMS-IX list stating that
> > >> they are currently experiencing an ICMP DDOS attack.
> > >
> > > -- amar
> > >
> > This is somewhat interesting in what is going on on the "Domains" list
> > (regarding Swedish domain politics) as after math to PTS report on
> > vulnerabilities of the Internet in terms of crisis. How many people
> > build their incoming filters of the RIPE database and what happens if
> > that is down for a longer period of time? Or just when the scripts are
> > run?
> > Anyone using the Swedish mirror?
> > Best regards,
> > - kurtis -