On Mon, Aug 02, 2010 at 09:56:01AM -0500, Matt wrote:
> >to 1.2Gb/s if I recall correctly. At first we were getting crazy
> >packet loss because the upstream router was getting hammered.
> >
> >After that they put in a few rules to drop the traffic and that made
> >it stable, but latency was like +140ms going into it.
>
> What rules can really help a DOS attack?  I just see it as hard to
> block since usually it's coming from thousands of different IPs.  I
> imagine it could look like TCP, UDP or etc.  How can a router tell
> what's legitimate and not?

You get your upstream to block the traffic.  If they overwhelm your
upstream, your upstream gets their neighbor(s) to block the traffic.
Lather, Rinse, Repeat.

If you are speaking BGP to your upstream, they may have communities
you can use to automagically direct them to blackhole the target
IP, or the source IPs if the source is that limited.  The IP they
are attacking is probably going down from the Internet's perspective
either way.  The difference is if the rest of your space is able
to remain online.

Announce the community; then call your provider(s) to see if there
are better mitigation methods.  Luckily, we haven't had that problem
here for a long time.

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lamb...@lambertfam.org
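For readers who have not set this up, here is what "announce the community" looks like on the customer side, as an added example (not configuration from this thread or from WISPA): a Cisco IOS style BGP speaker announces a /32 for the attacked host tagged with the blackhole community so the upstream drops traffic to that one address while the rest of the prefix stays reachable. The community value 65535:666 is the well-known BLACKHOLE community from RFC 7999; most providers define their own value, so use the one your upstream documents. Addresses and AS numbers are documentation-range placeholders.

```cisco
! Assumed: IOS-style syntax, customer AS 64496, upstream AS 64500 at 198.51.100.1
ip bgp-community new-format

! Static /32 for the host under attack, sent to Null0 locally and tagged
! so the route-map below can pick it out. Remove this line to withdraw.
ip route 192.0.2.10 255.255.255.255 Null0 tag 666

! Only routes carrying tag 666 get exported, and they pick up the
! blackhole community. Everything else is denied by the implicit deny.
route-map BLACKHOLE-OUT permit 10
 match tag 666
 set community 65535:666 additive
!
router bgp 64496
 neighbor 198.51.100.1 remote-as 64500
 ! Without send-community the upstream never sees the tag
 neighbor 198.51.100.1 send-community
 ! Inject the tagged static route into BGP
 redistribute static route-map BLACKHOLE-OUT
```

Upstreams normally reject /32 announcements unless they carry the agreed blackhole community, so confirm the community value and prefix-length policy with your provider before you need it, and watch the BGP table to verify the /32 is accepted.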

WISPA Wireless List: wireless@wispa.org