nanog mailing list archives
Re: DDoS auto-mitigation best practices (for eyeball networks)
From: Mike Hammett <nanog () ics-il net>
Date: Sat, 19 Sep 2015 15:51:51 -0500 (CDT)
Often it's an argument in some sort of online game or a poor loser. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Mehmet Akcin" <mehmet () akcin net> To: "Frank Bulk" <frnkblk () iname com> Cc: nanog () nanog org Sent: Saturday, September 19, 2015 3:09:47 PM Subject: Re: DDoS auto-mitigation best practices (for eyeball networks) How does he/she become target? How does IP address gets exposed? I guess simplest way is to reboot modem and hope to get new ip (or call n request) Mehmet
On Sep 19, 2015, at 12:54, Frank Bulk <frnkblk () iname com> wrote: Could the community share some DDoS auto-mitigation best practices for eyeball networks, where the target is a residential broadband subscriber? I'm not asking so much about the customer communication as much as configuration of any thresholds or settings, such as: - minimum traffic volume before responding (for volumetric attacks) - minimum time to wait before responding - filter percentage: 100% of the traffic toward target (or if volumetric, just a certain percentage)? - time before mitigation is automatically removed - and if the attack should recur shortly thereafter, time to respond and remove again - use of an upstream provider(s) mitigation services versus one's own mitigation tools - network placement of mitigation (presumably upstream as possible) - and anything else I ask about best practice for broadband subscribers on eyeball networks because it's different environment than data center and hosting environments or when one's network is being used to DDoS a target. Regards, Frank
Current thread:
- DDoS auto-mitigation best practices (for eyeball networks) Frank Bulk (Sep 19)
- Re: DDoS auto-mitigation best practices (for eyeball networks) Mehmet Akcin (Sep 19)
- Re: DDoS auto-mitigation best practices (for eyeball networks) Mike Hammett (Sep 19)
- Re: DDoS auto-mitigation best practices (for eyeball networks) Patrick Muldoon via NANOG (Sep 19)
- RE: DDoS auto-mitigation best practices (for eyeball networks) frnkblk (Sep 21)
- Re: DDoS auto-mitigation best practices (for eyeball networks) Chase Christian (Sep 22)
- Re: DDoS auto-mitigation best practices (for eyeball networks) Randy via NANOG (Sep 19)
- Re: DDoS auto-mitigation best practices (for eyeball networks) Roland Dobbins (Sep 19)
- Re: DDoS auto-mitigation best practices (for eyeball networks) alvin nanog (Sep 20)
- Re: DDoS auto-mitigation best practices (for eyeball networks) Mehmet Akcin (Sep 19)