On May 20, 2004, at 12:52 PM, Mark Kent wrote:
I've been trying to find out what the current BCP is for handling ddos attacks. Mostly what I find is material about how to be a good net.citizen (we already are), how to tune a kernel to better withstand a syn flood, router stuff you can do to protect hosts behind it, how to track the attack back to the source, how to determine the nature of the traffic, etc.
There's lots and lots of really-useful-very-often-multi-vendor stuff here:
ftp://ftp-eng.cisco.com/cons/isp/security/
In particular, under the bootcamp and CPN-summit stuff. Though it may
seem vendor-specific per logos and the like, I know of several (more
than three) vendors that have contributed to this content, most of which is
very practical and generally informative, and should be applicable to most
deployed vendors. There's also some VOD stuff here that expands some
areas of the content:
http://www.getitmm.com/bootcampflash/launch.html
HTH,
-danny
