DDoS auto-mitigation best practices (for eyeball networks)

• Previous message (by thread): Call for Participation: IEEE International Conference on Network Protocols (ICNP)
• Next message (by thread): DDoS auto-mitigation best practices (for eyeball networks)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Could the community share some DDoS auto-mitigation best practices for
eyeball networks, where the target is a residential broadband subscriber?
I'm not asking so much about the customer communication as much as
configuration of any thresholds or settings, such as:
- minimum traffic volume before responding (for volumetric attacks)
- minimum time to wait before responding
- filter percentage: 100% of the traffic toward target (or if volumetric,
just a certain percentage)?
- time before mitigation is automatically removed
- and if the attack should recur shortly thereafter, time to respond and
remove again
- use of an upstream provider(s) mitigation services versus one's own
mitigation tools
- network placement of mitigation (presumably upstream as possible)
- and anything else

I ask about best practice for broadband subscribers on eyeball networks
because it's different environment than data center and hosting environments
or when one's network is being used to DDoS a target.

Regards,

Frank

• Previous message (by thread): Call for Participation: IEEE International Conference on Network Protocols (ICNP)
• Next message (by thread): DDoS auto-mitigation best practices (for eyeball networks)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]