[c-nsp] DDOS Attacks Mitigation

John Gitau jgitau at gmail.com
Mon Nov 7 06:08:49 EST 2016


Fastmon is quite configurable and scalable. 20 Gbps is possible. See Pavel's
response.

Fastmon doesn't use any proprietary features. So AFAIK it should be
supported on all major platforms.

JG

On 5 Nov 2016 15:39, "Samir Abid Al-mahdi" <samir.abidali at gorannet.net>
wrote:

> Hi John,
>
> Thank you for sharing,
>
> As far as I understood, the solution is like this. Please correct me if I
> am wrong:
>
> 1. Fastmon needs to be installed to detect the DDoS and perform actions.
> 2. Although there are multiple methods, I am trying to mirror the traffic
> to the Fastmon.
> 3. Fastmon, upon detecting the attack, performs predefined actions, and I
> have seen on YouTube that it can perform ACL.
>
> 4. If ACL is possible, then I am thinking whether it is possible to apply a customer
> ACL based on dst and src on the router to block only the attack flow.
>
> Kindly let me know if the above is correct, and can you help me to clarify the
> following:
>
> 1. Can Fastmon handle mirror traffic of 20 Gbps? I couldn't find a sizing
> parameter anywhere, i.e. how many CPUs per Gbps.
>
> 2. Can the edge router actually apply this ACL staggered by Fastmon? What
> router supports this?
>
> Thank you and appreciate your support,
>
>
>
> Best Regards
>
> On 4 November 2016 at 11:39, John Gitau <jgitau at gmail.com> wrote:
>
>> If you're on the cheap you could try
>> https://fastnetmon.com/
>> https://github.com/pavel-odintsov/fastnetmon  (source code and what not
>> for the brave). I have used it in cases where a client can't afford Arbor
>> et al. and doesn't want to just drop the traffic.
>>
>> JG
>>
>>
>> On Fri, Nov 4, 2016 at 10:50 AM, Mark Tinka <mark.tinka at seacom.mu> wrote:
>>
>>>
>>>
>>> On 4/Nov/16 09:46, Samir Abid Al-mahdi wrote:
>>>
>>> > Hi,
>>> >
>>> > OK, but how are they going to redirect my traffic to their system?
>>> >
>>> > I don't have a domain to redirect it by DNS.
>>> >
>>> > Does it mean they will BGP advertise my prefixes?
>>>
>>> You'd have to discuss that with them, but at the most basic level, an
>>> Arbor system can automatically begin announcing a route into BGP that
>>> needs to have its traffic scrubbed once an attack is detected.
>>>
>>> Matching can be high-level (ASN) or granular (IP address).
>>>
>>> I suppose other systems have a similar mechanism, but I haven't used
>>> those.
>>>
>>> Mark.
>>>
>>>
>>
>>
>>
>> --
>> **Gitau
>>
>
>

