[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Guarding against DoS

In our setup, our clients call us because we are their upstream. We block it at our routers, then call our providers asking them to block it at their upstream. There is no way a client can refuse traffic (at least in most setups I've seen) without it passing through their port. The only option would be to allow colocate clients to have access to your routers for putting blocks in.

Chris G.

On Fri, 2 Jul 2004, Micah Anderson wrote:

Lets suppose we get targeted for a DOS attack. We can pretty much assume
this will eventually happen. If a colo'ed box gets hit with 20 mbps of
incoming traffic, even if it ignores it all, then we might have to pay
$2200 that month. That is not good!

How can we keep ourselves from getting high bandwidth bills in a colo
environment? If we block the traffic at a router in our rack, we've
already received it and it has been counted. Is the only solution to
catch it quickly and get the ISP to block it upstream?


To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: