[c-nsp] DDOS Attacks Mitigation

Mike Hammett cisco-nsp at ics-il.net
Mon Nov 7 09:20:08 EST 2016


The scrubbing seems to be the difficult bit in many low (or no) cost DDoS mitigation platforms. They'll send out BGP FlowSpec (which my Mikrotik routers don't support and I know many others don't either), but vary in how else they can manage things. 

I see that FastNetMon does support the Mikrotik API now (at least in beta quality). Depending on how fine tuned I can make the API call, it may be workable. Have a different address list for each type of attack and then use the API to add offending IP addresses to the address lists. Have a raw firewall rule to drop UDP 53 or whatever vector they're using from anyone in that address list. 



Why am I talking about Mikrotik on a Cisco list? I'm here for Cisco switches, not routers. :-) 




----- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

----- Original Message -----

From: "Aaron" <aaron1 at gvtc.com> 
To: "Pavel Odintsov" <pavel.odintsov at gmail.com>, "Gert Doering" <gert at greenie.muc.de> 
Cc: "Arie Vayner" <ariev at vayner.net>, "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net> 
Sent: Monday, November 7, 2016 8:05:54 AM 
Subject: Re: [c-nsp] DDOS Attacks Mitigation 

Can fastnetmon scrub? I mean, can fastnetmon redirect attack traffic 
through it and scrub out bad and forward the good? 

- Aaron 

-----Original Message----- 
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of 
Pavel Odintsov 
Sent: Monday, November 7, 2016 7:27 AM 
To: Gert Doering <gert at greenie.muc.de> 
Cc: Arie Vayner <ariev at vayner.net>; cisco-nsp at puck.nether.net 
<cisco-nsp at puck.nether.net> 
Subject: Re: [c-nsp] DDOS Attacks Mitigation 

Yep, with mirror/sflow FNM could detect ddos in 2-3 seconds ;) 

On Monday, 7 November 2016, Gert Doering <gert at greenie.muc.de> wrote: 

> Hi, 
> 
> On Mon, Nov 07, 2016 at 08:11:22AM -0500, Satish Patel wrote: 
> > How does Fastnetmon differ from nfsen? 
> 
> much more real-time-ish - nfsen works on 5-minute batches 
> 
> gert 
> -- 
> USENET is *not* the non-clickable part of WWW! 
> // 
> www.muc.de/~gert/ Gert Doering - Munich, Germany gert at greenie.muc.de 
> fax: +49-89-35655025 
> gert at net.informatik.tu-muenchen.de 
> 


-- 
Sincerely yours, Pavel Odintsov 
_______________________________________________ 
cisco-nsp mailing list cisco-nsp at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp 
archive at http://puck.nether.net/pipermail/cisco-nsp/ 
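
The per-vector address-list scheme described in the first message of this thread, sketched as an added example (not code from the thread, FastNetMon or MikroTik). The list names, the `(vector, source)` event format, the protected prefix, the one-hour timeout and the choice of matching on `src-port` are all assumptions; the output is RouterOS CLI text to be pushed by whatever API client is in use.

```python
import ipaddress

# Assumed layout: one address list per attack vector (list names are hypothetical).
# Matching on src-port is an assumption: reflected traffic arrives from that port.
VECTORS = {
    "dns_amplification": ("ddos-dns", "udp", 53),
    "ntp_amplification": ("ddos-ntp", "udp", 123),
}
# Constructed example of prefixes that must never be blocked (own space, resolvers).
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]
ENTRY_TIMEOUT = "1h"  # entries expire on their own, so stale blocks do not pile up

def raw_rules():
    """Static drop rules, installed once: one raw-table rule per address list."""
    return [
        f"/ip firewall raw add chain=prerouting protocol={proto} "
        f"src-port={port} src-address-list={name} action=drop"
        for name, proto, port in VECTORS.values()
    ]

def block_command(vector, source):
    """RouterOS command that lists `source` for `vector`, or None if refused."""
    if vector not in VECTORS:
        return None
    try:
        addr = ipaddress.ip_address(source.strip())
    except ValueError:
        return None  # not a literal IP: never splice detector output into a command
    if addr.version != 4 or any(addr in net for net in PROTECTED):
        return None  # /ip firewall is IPv4-only; protected prefixes stay reachable
    name = VECTORS[vector][0]
    return (f"/ip firewall address-list add list={name} "
            f"address={addr} timeout={ENTRY_TIMEOUT}")

def commands_for(events):
    """Turn (vector, source) detections into de-duplicated commands, in order."""
    seen, out = set(), []
    for vector, source in events:
        cmd = block_command(vector, source)
        if cmd and cmd not in seen:
            seen.add(cmd)
            out.append(cmd)
    return out

# Constructed sample detections (documentation address ranges only).
SAMPLE = [
    ("dns_amplification", "198.51.100.7"),
    ("dns_amplification", "198.51.100.7"),         # duplicate detection
    ("ntp_amplification", "203.0.113.9"),
    ("dns_amplification", "192.0.2.10"),           # inside a protected prefix
    ("dns_amplification", "203.0.113.9 list=x"),   # malformed source field
    ("unknown_vector", "198.51.100.8"),
]
```

Only the address-list entries change at run time; the raw rules from `raw_rules()` are installed once and stay static.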
