Re: Guarding against DoS
In our setup, our clients call us because we are their upstream. We block
it at our routers, then call our providers asking them to block it at
their upstream. There is no way a client can refuse traffic (at least in
most setups I've seen) without it passing through their port. The only
option would be to allow colocate clients to have access to your routers
for putting blocks in.
On Fri, 2 Jul 2004, Micah Anderson wrote:
Lets suppose we get targeted for a DOS attack. We can pretty much assume
this will eventually happen. If a colo'ed box gets hit with 20 mbps of
incoming traffic, even if it ignores it all, then we might have to pay
$2200 that month. That is not good!
How can we keep ourselves from getting high bandwidth bills in a colo
environment? If we block the traffic at a router in our rack, we've
already received it and it has been counted. Is the only solution to
catch it quickly and get the ISP to block it upstream?
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact email@example.com