[ratelimits] rrl mention in an nlnetlabs tech report

Dobbins, Roland rdobbins at arbor.net
Mon Aug 26 09:13:09 UTC 2013

On Aug 26, 2013, at 3:50 PM, Marek Vavruša wrote:

> I wonder if we could (with some accepted error) differentiate an attack flow from legitimate queries.

Statistical and relational anomaly detection of attack traffic utilizing layer-4 flow telemetry exported from network infrastructure devices has become commonplace in the last 14 years:


Network operators use it every day to detect/classify/traceback DDoS attack traffic, including DNS DDoS attacks, both spoofed and non-spoofed.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the ratelimits mailing list