[c-nsp] DDOS Attacks Mitigation

Satish Patel satish.txt at gmail.com
Mon Nov 7 19:09:00 EST 2016 

This is what we do currently,

We have bunch of ACL on edge asr1k router like fragments etc because most of attack use fragmentation. 

Then we have script running every min which poll data from router edge interface and alert is base on bandwidth and PPS rate. 

We have nfsen which we will use to find out what kind of ddos it was 

If ddos fill our uplink then we do null route manually to Blackhole target IP, it kicked out that server but keep happy other server. 

We heard about BGP Flowspec but not confident how does it work and I think ASR1006 doesn't support it. 

--
Sent from my iPhone

> On Nov 7, 2016, at 9:21 AM, Aaron <aaron1 at gvtc.com> wrote:
> 
> Thanks Gert, I read this too....
> 
> https://ripe71.ripe.net/presentations/42-zendesk-ddos.pdf
> 
> I read that FastNetMon can forward to a scrubbing center... but I don't read
> anywhere that FastNetMon or its suite of apps can do the scrubbing.
> 
> Someone let me know if I'm misunderstanding this
> 
> - Aaron
> 
> -----Original Message-----
> From: Gert Doering [mailto:gert at greenie.muc.de] 
> Sent: Monday, November 7, 2016 8:12 AM
> To: Aaron <aaron1 at gvtc.com>
> Cc: 'Pavel Odintsov' <pavel.odintsov at gmail.com>; 'Gert Doering'
> <gert at greenie.muc.de>; 'Arie Vayner' <ariev at vayner.net>; 'cisco-nsp at pu
> ck.nether.net' <cisco-nsp at puck.nether.net>
> Subject: Re: [c-nsp] DDOS Attacks Mitigation
> 
> Hi,
> 
>> On Mon, Nov 07, 2016 at 08:05:54AM -0600, Aaron wrote:
>> Can fastnetmon scrub ?  I mean can fastnetmon redirect attack traffic 
>> through it and scrub out bad and forward the good ?
> 
> http://bfy.tw/8cBj
> 
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> 
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list