[nsp-sec] DNS Type 2 (Authoritative NS) query for "." DDoS ongoing-> Attn AS 23393 (ISPrime)
Danny McPherson
danny at tcb.net
Tue Jan 20 11:07:53 EST 2009
On Jan 20, 2009, at 9:03 AM, Smith, Donald wrote:
> That is a possiblity but in most cases packets that get dropped
> STILL create netflow. I know that is true for acl dropped packets in
> at least most cases.
> Not sure about urpf or other bcp38 methods.
Ahh, right, if you're pulling flows from those routers
then reported egress ifIndex should be 0. Do you guys
look for those records, or BCP 38 violation counts, or
are you looking at flows from those ingress PEs?
-danny
More information about the nsp-security
mailing list