On Jan 5, 2010, at 12:05 PM, Rick Ernst wrote:

> A solution preferably that integrates with NetFlow and RTBH. An in-line
> solution obviously requires an appliance, or at least special/additional
> hardware.

The key is to not be inline all the time, but only inline *when needed*. This removes operational complexity, provides the ability to oversubscribe, and simplifies the routine troubleshooting matrix.

> I'm looking at taking the first whack at immediate mitigation at the
> border/edge (upstream) via uRPF and RTBH.

Good plan.

> Additional mitigation would be via manual or automatic RTBH or
> security/abuse@ involvement with upstreams.

Automagic is generally bad, as it can be gamed.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken