Arnold,

Joining with what Pascal says, yes, you can "wash" traffic when you have some Mbps, not if you have 1Gbps. (This fills your links anyway before the washing machine, which, I suppose, is located somewhere central if you have many border routers.)
And yes, we have blackholing communities with all have (told us) this system in place.


Mic

Arnold Nipper wrote:

Michele,

On 03.08.2004 15:41 Michele Marazza wrote:


Arnold, Nico,

Let's suppose we have Arbor or any other "professional anti-DDoS tool" and that the tool tells me: you have an attack of (almost) 1Gbps towards IP address x.y.z.w. What do you do now? You still have hundreds of Mbps coming from many ingress points; all these flows then aggregate towards x.y.z.w and fill your links, the attacked customer is completely down, and other customers are impacted as well. The only way I see to solve this is to blackhole that traffic at the ingress points. This has the following consequences:
- all other customers can work again
- the attacked customer can (at least) work with all other IP addresses
- as it is a DDoS, the ingress links are not filled up, no issue here




well ... a better solution is to redirect this traffic at the ingress
point to go thru your washing machine (e.g. Riverhead Guard) and
re-inject the washed traffic into your network.



Arnold

_______________________________________________
swinog mailing list
[EMAIL PROTECTED]
http://lists.init7.net/cgi-bin/mailman/listinfo/swinog

-- Michele Marazza / IP-Plus Engineering / www.ip-plus.net / Swisscom Enterprise Solutions
