DDoS mitigation for ISPs

Hugo Slabbert hugo at slabnet.com
Thu Oct 29 15:54:06 UTC 2015

On Thu 2015-Oct-29 08:42:31 -0700, Mike <mike-nanog at tiedyenetworks.com> wrote:

>    Is there any DDoS mitigation service provider that can scrub 
>traffic for an ISP network? I have an ASN and BGP and my own 
>netblocks, and I have a 1gbps pipe. I was thinking the scenario would 
>be during attack, we could bring up a tunnel and run bgp over it and 
>advertise some portion of our ip space thru it. I realise getting it 
>setup while attack is taking place would be a little hard and that we 
>likely could expect at least some down time. What we have seen so far 
>has been reflection attacks (dns and ssdp) and we have been able to 
>do rate limiting on these and other protocols to sane values. This 
>has worked well, although the primary risk is once the traffic flow 
>exceeds the link capacity such limiting won't have any net effect. 
>But if we could farm this out during times of trouble to a mitigation 
>services provider, they could advertise our block(s) and rate limit 
>and scrub for us and send us the result, it would be a far better 
>than what we have now (which is effectively nothing). I asked 
>cloudflare this and they stated they are focused on web traffic. My 
>upstream can't help me, doesn't support RTBH and won't install 
>filters anyways unless it's impacting THEIR network. Just wondering 
>if anyone has any other ideas (short of ditching my provider, which I 
>also can't do due at this time due to lack of competitive choice).

In no particular order:

- Prolexic (Akamai)
- Arbor Networks
- Staminus
- Black Lotus
- Incapsula
- Radware

This is not an endorsement for any of the above. 

Alternatively: http://lmgtfy.com/?q=ddos+protection


hugo at slabnet.com: email, xmpp/jabber
PGP fingerprint (B178313E):
CF18 15FA 9FE4 0CD1 2319 1D77 9AB1 0FFD B178 313E

(also on textsecure & redphone)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20151029/eeedfe07/attachment.sig>

More information about the NANOG mailing list