Re: DDoS auto-mitigation best practices (for eyeball networks)

[Mehmet Akcin <mehmet () akcin net>]

How does he/she become target? How does IP address gets exposed?

I guess simplest way is to reboot modem and hope to get new ip (or call n request)

Mehmet 

> On Sep 19, 2015, at 12:54, Frank Bulk <frnkblk () iname com> wrote:
>
> Could the community share some DDoS auto-mitigation best practices for
> eyeball networks, where the target is a residential broadband subscriber?
> I'm not asking so much about the customer communication as much as
> configuration of any thresholds or settings, such as:
> - minimum traffic volume before responding (for volumetric attacks)
> - minimum time to wait before responding
> - filter percentage: 100% of the traffic toward target (or if volumetric,
> just a certain percentage)?
> - time before mitigation is automatically removed
> - and if the attack should recur shortly thereafter, time to respond and
> remove again
> - use of an upstream provider(s) mitigation services versus one's own
> mitigation tools
> - network placement of mitigation (presumably upstream as possible)
> - and anything else
>
> I ask about best practice for broadband subscribers on eyeball networks
> because it's different environment than data center and hosting environments
> or when one's network is being used to DDoS a target.
>
> Regards,
>
> Frank