[nsp] Monitoring DoS attacks with the VIP Console

• Next message: Rob Thomas: "[nsp] Template updates"
• Previous message: Deepak Jain: "[nsp] DS3 strangeness"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Hello, cisco-nsp folks.

I have recently authored a paper entitled "Monitoring DoS Attacks with
the VIP Console and NetFlow." This paper details a method for tracking
DoS attacks at a fine layer of granularity. Utilizing both NetFlow and
an undocumented VIP command on a Cisco router, a DoS attack can be
closely monitored and analyzed. You will find the paper at the following
URL:

http://www.cymru.com/~robt/Docs/Articles/dos-and-vip.html

Please note that this document makes use of an UNDOCUMENTED and UNSUPPORTED
Cisco IOS command. While I have successfully used the methods documented
therein during heavy DoS and DDoS attacks, your mileage may vary.

Comments and feedback are always welcome! I hope you find this to be of
use when dealing with DoS attacks.

Thanks!
Rob.

--
Rob Thomas
http://www.cymru.com/~robt
cmn_err(CE_PANIC, "Out of coffee...");

• Next message: Rob Thomas: "[nsp] Template updates"
• Previous message: Deepak Jain: "[nsp] DS3 strangeness"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:38 EDT