[c-nsp] DDOS Attacks Mitigation

Samir Abid Al-mahdi samir.abidali at gorannet.net
Sat Nov 5 08:38:59 EDT 2016


Hi John,

Thank you for sharing,

As far as I understood, the solution is like this. Please correct me if I am
wrong:

1. Fastmon needs to be installed to detect the DDOS and perform actions.
2. Although there are multiple methods, I am trying to mirror the traffic
to the Fastmon.
3. Fastmon, upon detecting the attack, performs predefined actions, and I
have seen on YouTube that it can perform ACL.

4. If ACL is possible, then I am thinking whether it is possible to apply a
customer ACL based on dst and src on the router to block only the attack flow.

Kindly let me know if the above is correct, and can you help me to clarify the
following:

1. Can Fastmon handle mirror traffic of 20Gbps? I couldn't find a sizing
parameter anywhere, how many CPUs per Gbps.

2. Can the edge router actually apply this ACL staggered by Fastmon? What
router supports this?

Thank you and appreciate your support,



Best Regards

On 4 November 2016 at 11:39, John Gitau <jgitau at gmail.com> wrote:

> If you're on the cheap you could try
> https://fastnetmon.com/
> https://github.com/pavel-odintsov/fastnetmon  (source code and what not
> for the brave). I have used it in cases where a client can't afford Arbor
> et al. and doesn't want to just drop the traffic.
>
> JG
>
>
> On Fri, Nov 4, 2016 at 10:50 AM, Mark Tinka <mark.tinka at seacom.mu> wrote:
>
>>
>>
>> On 4/Nov/16 09:46, Samir Abid Al-mahdi wrote:
>>
>> > Hi,
>> >
>> > Ok, but how are they going to redirect my traffic to their system.
>> >
>> > I don't have a domain to redirect it by DNS.
>> >
>> > Does it mean they will BGP advertise my prefixes?
>>
>> You'd have to discuss that with them, but at the most basic level, an
>> Arbor system can automatically begin announcing a route into BGP that
>> needs to have its traffic scrubbed once an attack is detected.
>>
>> Matching can be high-level (ASN) or granular (IP address).
>>
>> I suppose other systems have a similar mechanism, but I haven't used
>> those.
>>
>> Mark.
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
> --
> Gitau
>
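
The detect-then-ACL flow from steps 1 to 4 of the message above, as an added example that is not part of the original thread and is not FastNetMon's code: it counts packets per destination from constructed flow summaries, flags destinations above a threshold, and renders an IOS-style extended ACL that denies only the offending src/dst pairs. The thresholds, the ACL name and the sample addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

INTERVAL_S = 10        # length of the sampling window in seconds (assumed)
PPS_THRESHOLD = 1000   # per-destination packets/s treated as an attack (assumed)
SRC_SHARE = 0.10       # block sources carrying >= 10% of the victim's packets (assumed)

# Constructed flow summaries from the mirror port: (src, dst, packets in window)
SAMPLE_FLOWS = [
    ("198.51.100.7", "192.0.2.10", 9000),
    ("198.51.100.8", "192.0.2.10", 7000),
    ("203.0.113.50", "192.0.2.10", 120),   # legitimate client of the victim
    ("203.0.113.51", "192.0.2.20", 300),   # unrelated host, normal traffic
    ("198.51.100.7", "192.0.2.20", 40),    # same source, but not attacking .20
]

def detect_attacks(flows, interval_s=INTERVAL_S, pps_threshold=PPS_THRESHOLD):
    """Return {dst: {src: packets}} for destinations above the pps threshold."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for src, dst, packets in flows:
        per_dst[dst][src] += packets
    return {dst: dict(srcs) for dst, srcs in per_dst.items()
            if sum(srcs.values()) / interval_s > pps_threshold}

def attack_pairs(attacks, src_share=SRC_SHARE):
    """Pick (src, dst) pairs whose source carries a large share of the victim's packets."""
    pairs = []
    for dst, srcs in sorted(attacks.items()):
        total = sum(srcs.values())
        for src, packets in sorted(srcs.items(), key=lambda kv: -kv[1]):
            if packets / total >= src_share:
                pairs.append((src, dst))
    return pairs

def render_acl(pairs, name="DDOS-MITIGATION"):
    """Render an IOS-style extended ACL that denies only the attack flows."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {src} host {dst}" for src, dst in pairs]
    lines.append(" permit ip any any")   # everything else keeps flowing
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_acl(attack_pairs(detect_attacks(SAMPLE_FLOWS))))
```

The legitimate client of 192.0.2.10 and all traffic to 192.0.2.20 stay permitted, which is the "block only the attack flow" property asked about. An attack with spoofed or widely distributed sources will not reduce to a short src/dst list like this one.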

