nanog mailing list archives
RE: DDoS auto-mitigation best practices (for eyeball networks)
From: <frnkblk () iname com>
Date: Mon, 21 Sep 2015 07:00:14 -0500
99% of the attacks we see are gaming related -- somehow the other players know the IP and then attack our customer for an advantage in the game, or retribution.

Most DHCP servers (correctly) give the same IP address if the CPE is rebooted. Ours is one of those. =)

Frank

-----Original Message-----
From: Mehmet Akcin [mailto:mehmet () akcin net]
Sent: Saturday, September 19, 2015 3:10 PM
To: Frank Bulk <frnkblk () iname com>
Cc: nanog () nanog org
Subject: Re: DDoS auto-mitigation best practices (for eyeball networks)

How does he/she become a target? How does the IP address get exposed? I guess the simplest way is to reboot the modem and hope to get a new IP (or call and request).

Mehmet

On Sep 19, 2015, at 12:54, Frank Bulk <frnkblk () iname com> wrote:

Could the community share some DDoS auto-mitigation best practices for eyeball networks, where the target is a residential broadband subscriber? I'm not asking so much about the customer communication as much as configuration of any thresholds or settings, such as:
- minimum traffic volume before responding (for volumetric attacks)
- minimum time to wait before responding
- filter percentage: 100% of the traffic toward target (or if volumetric, just a certain percentage)?
- time before mitigation is automatically removed
- and if the attack should recur shortly thereafter, time to respond and remove again
- use of an upstream provider(s) mitigation services versus one's own mitigation tools
- network placement of mitigation (presumably upstream as possible)
- and anything else

I ask about best practice for broadband subscribers on eyeball networks because it's a different environment than data center and hosting environments or when one's network is being used to DDoS a target.

Regards,

Frank