DDOS solution recommendation

Pavel Odintsov pavel.odintsov at gmail.com
Sun Jan 11 15:52:02 UTC 2015


If you speaking about ISP "filtering" you should check your subnets
and ASN here: https://radar.qrator.net

I was really amazed amount of DDoS bots/amplificators in my network.

On Sun, Jan 11, 2015 at 6:47 PM, Michael Hallgren <m.hallgren at free.fr> wrote:
> Le 11/01/2015 14:50, Patrick W. Gilmore a écrit :
>> I agree with lots said here.
>> But I've said for years (despite some people saying I am confused) that BCP38 is the single most important thing we can do to cut DDoS.
>> No spoofed source means no amplification. It also stops things like Kaminsky DNS attacks.
>> There is no silver bullet. Security is a series of steps ("layers" as one highly respected security professional has in his .sig). But the most important layer, the biggest bang for the buck we can do today, is eliminated spoofed source.
>> Push on your providers. Stop paying for transit from networks that do not filter ingress, put it in your RFPs, and reward those who do with contracts. Make it economically advantageous to fix the problem, and people will.
> +1
> mh

Sincerely yours, Pavel Odintsov

More information about the NANOG mailing list