netsec-sig - Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...

From: "Dale W. Carder" <>
To: "Taylor, Scott J." <>
Cc: "Spurling, Shannon" <>, "D'Angelo, Cas (Samuel)" <>, Steven Wallace <>, "" <>, Rob Vietzke <>, George Loftus <>, John Moore <>, Caroline Weilhamer <>
Subject: Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...
Date: Thu, 22 Oct 2015 10:24:13 -0500

Thus spake Taylor, Scott J.
()
on Wed, Oct 21, 2015 at 02:36:46AM +0000:
>
> I’m starting to believe that the IU guys that are doing SCI-Flow (?) have
> the right model for DDoS mitigation as well as expressing elephant flows.
> Why can’t when we detect these attacks, we program a controller to drop.
> I’m also very curious to spend some more time with vendors on the
> BGP-Flowspec capabilities and maybe using something like that to drop
> traffic at our edge. Based on what we’ve seen in CT I have to believe we
> could easily knock out the less sophisticated attacks.

One of our campuses is using fastnetmon monitoring a UDP-only feed
from a mirror port on our router. With detection in a few seconds,
it then uses exabgp to inject a flowspec rule into our network to
block the traffic across our AS. As far as free goes, this is pretty
much just off the shelf.

Dale

Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., (continued)
- Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., D'Angelo, Cas (Samuel), 10/20/2015
  - RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Spurling, Shannon, 10/20/2015
    - RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Schopis, Paul, 10/20/2015
    - Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Taylor, Scott J., 10/21/2015
      - RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Schopis, Paul, 10/21/2015
        
        Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Mark Montalto, 10/21/2015
        
        RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Schopis, Paul, 10/21/2015
        
        Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Taylor, Scott J., 10/21/2015
        
        RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Spurling, Shannon, 10/21/2015
        
        RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Schopis, Paul, 10/21/2015
      - Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Dale W. Carder, 10/22/2015
        
        Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., George Loftus, 10/22/2015
        
        RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Schopis, Paul, 10/22/2015
        
        Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Dale W. Carder, 10/22/2015
        
        Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Nick Buraglio, 10/22/2015
    - Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Michael H Lambert, 10/22/2015
      - RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more..., Spurling, Shannon, 10/22/2015

List archive

Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...