DDoS mitigation for ISPs
Hugo Slabbert
hugo at slabnet.com
Thu Oct 29 15:54:06 UTC 2015
On Thu 2015-Oct-29 08:42:31 -0700, Mike <mike-nanog at tiedyenetworks.com> wrote:
>Hello,
>
> Is there any DDoS mitigation service provider that can scrub
>traffic for an ISP network? I have an ASN and BGP and my own
>netblocks, and I have a 1gbps pipe. I was thinking the scenario would
>be during attack, we could bring up a tunnel and run bgp over it and
>advertise some portion of our ip space thru it. I realise getting it
>setup while attack is taking place would be a little hard and that we
>likely could expect at least some down time. What we have seen so far
>has been reflection attacks (dns and ssdp) and we have been able to
>do rate limiting on these and other protocols to sane values. This
>has worked well, although the primary risk is once the traffic flow
>exceeds the link capacity such limiting won't have any net effect.
>But if we could farm this out during times of trouble to a mitigation
>services provider, they could advertise our block(s) and rate limit
>and scrub for us and send us the result, it would be a far better
>than what we have now (which is effectively nothing). I asked
>cloudflare this and they stated they are focused on web traffic. My
>upstream can't help me, doesn't support RTBH and won't install
>filters anyways unless it's impacting THEIR network. Just wondering
>if anyone has any other ideas (short of ditching my provider, which I
>also can't do due at this time due to lack of competitive choice).
>
>Mike-
>
In no particular order:
- Prolexic (Akamai)
- Arbor Networks
- Staminus
- Black Lotus
- Incapsula
- Radware
This is not an endorsement for any of the above.
Alternatively: http://lmgtfy.com/?q=ddos+protection
--
Hugo
hugo at slabnet.com: email, xmpp/jabber
PGP fingerprint (B178313E):
CF18 15FA 9FE4 0CD1 2319 1D77 9AB1 0FFD B178 313E
(also on textsecure & redphone)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20151029/eeedfe07/attachment.sig>
More information about the NANOG
mailing list