nanog mailing list archives
Re: DDOS, IDS, RTBH, and Rate limiting
From: Tim Raphael <raphael.timothy () gmail com>
Date: Sun, 9 Nov 2014 09:38:09 +0800
Check out Arbor Networks, they produce a range of DDoS scrubbing appliances that do pretty much what you want.

Regards,
Tim Raphael
On 9 Nov 2014, at 9:10 am, Eric C. Miller <eric () ericheather com> wrote:

Today, we experienced (3) separate DDoS attacks from Eastern Asia, all generating > 2Gbps towards a single IP address in our network. All 3 attacks targeted different IP addresses with dst UDP 19, and the attacks lasted for about 5 minutes and stopped as fast as they started.

Does anyone have any suggestions for mitigating these types of attacks?

A couple of things that we've done already...

We set up BGP communities with our upstreams, and tested that RTBH can be set and it does work. However, by the time that we are able to trigger the black hole, the attack is almost always over.

For now, we've blocked UDP 19 incoming at our edge, so that if future, similar attacks occur, it doesn't affect our internal links.

What I think that I need is an IDS that can watch our edge traffic and automatically trigger a black hole advertisement for any internal IP beginning to receive > 100Mbps of traffic. A few searches are initially coming up dry...

Eric Miller, CCNP
Network Engineering Consultant
(407) 257-5115
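The automatic trigger asked for in the quoted message, as an added example that is not part of either post or of any vendor's product: it sums per-destination bytes from one-second flow summaries over a short window and emits a /32 blackhole announcement once an internal address exceeds 100 Mbps. The window length, prefix, next-hop, community value and the ExaBGP-style command text are assumptions, and the sample traffic is constructed.

```python
import ipaddress
from collections import defaultdict, deque

THRESHOLD_BPS = 100_000_000      # 100 Mbps trigger, the figure from the post
WINDOW_S = 5                     # assumed averaging window in seconds
INTERNAL = [ipaddress.ip_network("198.51.100.0/24")]  # constructed example prefix
NEXT_HOP = "192.0.2.1"           # assumed discard next-hop
COMMUNITY = "65000:666"          # placeholder: use the value your upstream documents

def is_internal(ip):
    """Only addresses inside our own prefixes may ever be blackholed."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def rtbh_announce(ip):
    """Text command for a BGP speaker with an ExaBGP-style API (assumption)."""
    return f"announce route {ip}/32 next-hop {NEXT_HOP} community [{COMMUNITY}]"

def detect(samples, threshold_bps=THRESHOLD_BPS, window_s=WINDOW_S):
    """samples: (timestamp_s, dst_ip, byte_count) tuples sorted by time.
    Returns one (timestamp, command) pair per destination crossing the threshold."""
    windows = defaultdict(deque)  # dst -> (ts, bytes) entries still inside the window
    totals = defaultdict(int)     # dst -> bytes currently inside the window
    blackholed, actions = set(), []
    for ts, dst, nbytes in samples:
        if not is_internal(dst) or dst in blackholed:
            continue
        win = windows[dst]
        win.append((ts, nbytes))
        totals[dst] += nbytes
        while win[0][0] <= ts - window_s:      # expire entries older than the window
            totals[dst] -= win.popleft()[1]
        if totals[dst] * 8 / window_s > threshold_bps:
            blackholed.add(dst)
            actions.append((ts, rtbh_announce(dst)))
    return actions

def constructed_samples():
    """Constructed data: a normal host, an external address, and a flood from t=3."""
    out = []
    for t in range(10):
        out.append((t, "198.51.100.20", 2_500_000))       # 20 Mbps, normal
        out.append((t, "203.0.113.9", 400_000_000))       # not ours, must be ignored
        if t >= 3:
            out.append((t, "198.51.100.7", 250_000_000))  # 2 Gbps flood
    return out

if __name__ == "__main__":
    for ts, cmd in detect(constructed_samples()):
        print(ts, cmd)
```

A production trigger also needs a hold-down timer and an automatic withdraw, since a blackholed /32 stays unreachable until the route is removed.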