what I forgot to add: wanwall services are distributed. Therefore adding such a service to an exchange point could/would also make sense.
Arnold -- Arnold Nipper / nIPper consulting email: [EMAIL PROTECTED] phone: +49 172 2650958 fax: +49 1212 512 364 310 ----- Original Message ----- From: "Nipper, Arnold" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 03, 2002 12:54 AM Subject: Re: [swinog] dDoS and spoofing... > One might also consider to install services like those offered by wanwall > (www.wanwall.com) to get rid of ddos attacks. > > Arnold > -- > Arnold Nipper / nIPper consulting > email: [EMAIL PROTECTED] > phone: +49 172 2650958 > fax: +49 1212 512 364 310 > > > ----- Original Message ----- > From: "Thomas Kernen" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, February 02, 2002 5:39 PM > Subject: Re: [swinog] dDoS and spoofing... > > > > > > This is more of a side note but you might want to take a look at this > > traceback technique for dDoS that UUNet have demonstrated and > > implemented. > > > > http://www.secsup.org/Tracking/ > > http://www.nanog.org/mtg-0110/ppt/greene.pdf > > > > Thomas > > > > ----- Original Message ----- > > From: "Pascal Gloor" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Saturday, February 02, 2002 7:37 AM > > Subject: Re: [swinog] dDoS and spoofing... > > > > > > > I know how huge this can be, but I think its now time to go forward > > and to > > > find a global solution to STOP this definively or at leave know how to > > stop > > > when it occurs... > > > You need a driving license to dirve on the road, but we have no 'laws' > > on > > > the net... I know the internet is considered as free, open, etc... but > > I m > > > sure we all agree that we need to find a solution... a good starting > > point > > > would be the IXPs we have. Paolo, Andre, what are you peak bandwidth > > on > > > your IX switches? Is ther any technical way to collect datas? > > > > > > > > > > > > On Sat, 2 Feb 2002 12:28:39 +0100 > > > "Pascal Gloor" <[EMAIL PROTECTED]> wrote: > > > > > > > Hi all, > > > > > > > > Does any ISP represented here do something to avoid spoofing? and > > how many > > > > > > We are filtering all outgoing traffic against spoofing, only let our > > own > > > ip's out .. > > > > > > > do netflow? with netflow we would be able to 'some kind' trace back, > > at > > > > least the source network/AS of the spoofed DoS and could try to stop > > them. > > > > Could you have a look and see if you have some datas (since > > > Thursday-Friday > > > > night) to destination 193.110.95.1? I could at least try to stop a > > part of > > > > that DoS. > > > > > > Problem with netflow is, that in a case of a ddos you need enourmous > > > bandwith to the > > > collector, and probably thw traffic to the collector is worst than the > > ddos > > > ... > > > (only my expirience) you should be able to collect the traffic at each > > > location seperatly ... > > > but that's kint of invertment intensive ... > > > > > > > Why not creating a 'neural and trusted' 3rd party which would > > collect all > > > > netflows summaries and for sure keep them secret. On demand, that > > team > > > would > > > > seek for a specific destination IP and then would be able to trace > > back > > > > source networks of DoS and advise the concerned network without > > giving any > > > > information to the requester. > > > > > > That would be a great thing ... > > > > > > > DoS are growing day per day and we should do something...really... > > we cant > > > > continue to let the 'terrorists' play like that. > > > > > > Yes, I can observe that too ... > > > > > > Best Regards > > > > > > Matthias > > > > > > -- > > > _;\_ Matthias Cramer System & Network Manager > > > /_. \ Dolphins Network Systems AG Phone +41-1-847'45'45 > > > |/ -\ .) Libernstrasse 24 Fax +41-1-847'45'49 > > > -'^`- \; CH-8112 Otelfingen http://www.dolphins.ch/ > > > > > > > > > > > > ---------------------------------------------- > > > [EMAIL PROTECTED] Maillist-Archive: > > > http://www.mail-archive.com/swinog%40swinog.ch/ > > > > ---------------------------------------------- > > [EMAIL PROTECTED] Maillist-Archive: > > http://www.mail-archive.com/swinog%40swinog.ch/ > > > > ---------------------------------------------- > [EMAIL PROTECTED] Maillist-Archive: > http://www.mail-archive.com/swinog%40swinog.ch/ > ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
