[nsp-sec] Recent 20 Gbps microburst DoS attack
Dobbins, Roland
rdobbins at arbor.net
Fri Dec 22 16:45:25 EST 2017
> On Dec 22, 2017, at 23:52, J. Chambers <jchambers at ucla.edu> wrote:
>
> The DoS was UDP Port 80 and targeted our main website www.ucla.edu
> (164.67.228.152), technically it hit the load-balancer VM in front of
> the site and crashed that.

Right - so, why allow UDP to the load-balancer VIP for the Web server? Seems as if situationally-appropriate tACLs would've stopped this attack at the transit edge, yes?

CoPP is QoS for the control & management planes. If you use iACLs, CoPP is superfluous, really.

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>