On May 1, 2013, at 6:43 AM, Thomas St-Pierre wrote: > We've been sending emails to our clients but as the servers are not managed > by us, there's not much we can do at that level.
Sure, there is - shut them down if they don't comply. Most ISPs have AUP verbiage which would apply to a situation of this type. > Has anyone ever tried mitigating/rate-limiting/etc these attacks in the > network before? (vs at the server/application level) QoS doesn't work, as the programmatically-generated attack traffic 'crowds out' legitimate requests. > We have an Arbor peakflow device, but it's not really geared for this > scenario I find. Peakflow SP is a NetFlow-based anomaly-detection system which performs attack detection/classification/traceback. Please feel free to ping me offlist about additional system elements which perform attack mitigation. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
