
netsec-sig - RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...

Subject: Internet2 Network Security SIG

  • From: "Schopis, Paul" <>
  • To: "Dale W. Carder" <>, "Taylor, Scott J." <>
  • Cc: "Spurling, Shannon" <>, "D'Angelo, Cas (Samuel)" <>, Steven Wallace <>, "" <>, Rob Vietzke <>, George Loftus <>, John Moore <>, Caroline Weilhamer <>
  • Subject: RE: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...
  • Date: Thu, 22 Oct 2015 16:08:47 +0000

Dale,
That is impressive. I'd go so far as to say in the street vernacular it
"kicks ass".


________________________________________
From: [] on behalf of Dale W. Carder []
Sent: Thursday, October 22, 2015 11:24 AM
To: Taylor, Scott J.
Cc: Spurling, Shannon; D'Angelo, Cas (Samuel); Steven Wallace; Rob Vietzke; George Loftus; John Moore; Caroline Weilhamer
Subject: Re: [Security-WG] fast track for DDoS recommendations to Internet2, and a bit more...

Thus spake Taylor, Scott J. () on Wed, Oct 21, 2015 at 02:36:46AM +0000:
>
> I’m starting to believe that the IU guys that are doing SCI-Flow (?) have
> the right model for DDoS mitigation as well as expressing elephant flows.
> Why can’t when we detect these attacks, we program a controller to drop.
> I’m also very curious to spend some more time with vendors on the
> BGP-Flowspec capabilities and maybe using something like that to drop
> traffic at our edge. Based on what we’ve seen in CT I have to believe we
> could easily knock out the less sophisticated attacks.

One of our campuses is using fastnetmon monitoring a UDP-only feed
from a mirror port on our router. With detection in a few seconds,
it then uses exabgp to inject a flowspec rule into our network to
block the traffic across our AS. As far as free goes, this is pretty
much just off the shelf.

Dale
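
The detect-then-inject loop described in the message above, sketched as an added example that is not from the thread or from the campus deployment: a helper process that turns detector events into ExaBGP text-API flowspec commands, with the guard rails an automated blocker needs. The event tuple format, the protected prefixes (documentation ranges) and the rule cap are assumptions; FastNetMon's own notification interface is not reproduced here.

```python
import ipaddress
import sys

# Assumed values: prefixes we originate (RFC 5737 documentation ranges), rule cap.
PROTECTED = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
MAX_ACTIVE_RULES = 100  # keeps a misbehaving detector from flooding the network


def flow_rule(victim, src_port=None):
    """Build a UDP discard rule for one victim host inside our own prefixes."""
    addr = ipaddress.ip_address(victim)  # ValueError on malformed input
    if not any(addr in net for net in PROTECTED):
        raise ValueError(f"{addr} is outside our prefixes; refusing to inject")
    match = [f"destination {addr}/32;", "protocol udp;"]
    if src_port is not None:
        if not 0 < int(src_port) < 65536:
            raise ValueError("bad source port")
        match.append(f"source-port ={int(src_port)};")
    return "flow route { match { " + " ".join(match) + " } then { discard; } }"


def handle(active, action, victim, src_port=None):  # -> ExaBGP API line or None
    rule = flow_rule(victim, src_port)
    if action == "ban":
        if rule in active:
            return None  # already blocked, nothing to send
        if len(active) >= MAX_ACTIVE_RULES:
            raise RuntimeError("rule cap reached; needs operator review")
        active.add(rule)
        return "announce " + rule
    if action == "unban":
        if rule not in active:
            return None
        active.discard(rule)
        return "withdraw " + rule
    raise ValueError(f"unknown action {action!r}")


if __name__ == "__main__":
    active = set()
    # Constructed detector events: (action, victim, UDP source port of the flood)
    for ev in [("ban", "192.0.2.10", 123), ("ban", "203.0.113.5", 53)]:
        try:
            line = handle(active, *ev)
        except ValueError as exc:
            print(f"skipped: {exc}", file=sys.stderr)  # keep stdout clean
            continue
        if line:
            print(line, flush=True)  # ExaBGP reads API commands from our stdout
```

Run under ExaBGP as an API process, each printed line becomes a flowspec announcement or withdrawal; the second constructed event is rejected because its victim address is not in the protected prefixes.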


