DDoS auto-mitigation best practices (for eyeball networks)

Mike Hammett nanog at ics-il.net
Sat Sep 19 20:51:51 UTC 2015


Often it's an argument in some sort of online game or a poor loser. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


----- Original Message -----

From: "Mehmet Akcin" <mehmet at akcin.net> 
To: "Frank Bulk" <frnkblk at iname.com> 
Cc: nanog at nanog.org 
Sent: Saturday, September 19, 2015 3:09:47 PM 
Subject: Re: DDoS auto-mitigation best practices (for eyeball networks) 

How does he/she become a target? How does the IP address get exposed? 

I guess the simplest way is to reboot the modem and hope to get a new IP (or call and request) 

Mehmet 

> On Sep 19, 2015, at 12:54, Frank Bulk <frnkblk at iname.com> wrote: 
> 
> Could the community share some DDoS auto-mitigation best practices for 
> eyeball networks, where the target is a residential broadband subscriber? 
> I'm not asking so much about the customer communication as much as 
> configuration of any thresholds or settings, such as: 
> - minimum traffic volume before responding (for volumetric attacks) 
> - minimum time to wait before responding 
> - filter percentage: 100% of the traffic toward target (or if volumetric, 
> just a certain percentage)? 
> - time before mitigation is automatically removed 
> - and if the attack should recur shortly thereafter, time to respond and 
> remove again 
> - use of an upstream provider(s) mitigation services versus one's own 
> mitigation tools 
> - network placement of mitigation (presumably upstream as possible) 
> - and anything else 
> 
> I ask about best practice for broadband subscribers on eyeball networks 
> because it's a different environment than data center and hosting environments 
> or when one's network is being used to DDoS a target. 
> 
> Regards, 
> 
> Frank 
> 



