On Sat, 2 Feb 2002 12:28:39 +0100 "Pascal Gloor" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> Does any ISP represented here do something to avoid spoofing? and how many
We are filtering all outgoing traffic against spoofing, only let our own ip's out ..
> do netflow? with netflow we would be able to 'some kind' trace back, at
> least the source network/AS of the spoofed DoS and could try to stop them.
> Could you have a look and see if you have some datas (since Thursday-Friday
> night) to destination 193.110.95.1? I could at least try to stop a part of
> that DoS.
Problem with netflow is, that in a case of a ddos you need enourmous bandwith to the
collector, and probably thw traffic to the collector is worst than the ddos ...
(only my expirience) you should be able to collect the traffic at each location
seperatly ...
but that's kint of invertment intensive ...
> Why not creating a 'neural and trusted' 3rd party which would collect all
> netflows summaries and for sure keep them secret. On demand, that team would
> seek for a specific destination IP and then would be able to trace back
> source networks of DoS and advise the concerned network without giving any
> information to the requester.
That would be a great thing ...
> DoS are growing day per day and we should do something...really... we cant
> continue to let the 'terrorists' play like that.
Yes, I can observe that too ...
Best Regards
Matthias
--
_;\_ Matthias Cramer System & Network Manager
/_. \ Dolphins Network Systems AG Phone +41-1-847'45'45
|/ -\ .) Libernstrasse 24 Fax +41-1-847'45'49
-'^`- \; CH-8112 Otelfingen http://www.dolphins.ch/
msg00060/pgp00000.pgp
Description: PGP signature
