Information Model for DDoS Open Threat Signaling (DOTS)

Document Type Expired Internet-Draft (individual)
Authors Tirumaleswar Reddy.K  , Prashanth Patil  , Mike Geller  , Dan Wing  , Sandeep Rao  , Mohamed Boucadair 
Last updated 2015-12-31 (latest revision 2015-06-29)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document discusses the need and the mechanisms to dynamically update configuration of network monitoring devices to help identify distributed denial-of-service (DDoS) attacks in a network. Once an attack is signalled by a client or detected locally, provisioning cycles are triggered to program a set of network elements to undertake appropriate actions (including, blackhole, drop, rate- limit, or add to watch list) on the suspect traffic.


Tirumaleswar Reddy.K (
Prashanth Patil (
Mike Geller (
Dan Wing (
Sandeep Rao (
Mohamed Boucadair (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)