From: Pete Kruckenberg (no email)
Date: Wed May 01 2002 - 19:18:24 EDT
There's been plenty of discussion about DDoS attacks, and my
IDS system is darn good at identifying them. But what are
effective methods for large service-provider networks (ie
ones where a firewall at the front would not be possible) to
deal with DDoS attacks?
Current method of updating ACLs with the source and/or
destination are slow and error-prone and hard to maintain
(especially when the target of the attack is a site that
users would like to access).
A rather extensive survey of DDoS papers has not resulted in
much on this topic.
What processes and/or tools are large networks using to
identify and limit the impact of DDoS attacks?