[ratelimits] rrl mention in an nlnetlabs tech report
Dobbins, Roland
rdobbins at arbor.net
Mon Aug 26 09:13:09 UTC 2013
On Aug 26, 2013, at 3:50 PM, Marek Vavruša wrote:
> I wonder if we could (with some accepted error) differentiate an attack flow from legitimate queries.
Statistical and relational anomaly detection of attack traffic utilizing layer-4 flow telemetry exported from network infrastructure devices has become commonplace in the last 14 years:
<https://app.box.com/s/mnshn99c13uekrggy99b>
Network operators use it every day to detect/classify/traceback DDoS attack traffic, including DNS DDoS attacks, both spoofed and non-spoofed.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the ratelimits
mailing list