DDoS auto-mitigation best practices (for eyeball networks)

Mehmet Akcin mehmet at akcin.net
Sat Sep 19 20:09:47 UTC 2015


How does he/she become a target? How does the IP address get exposed?

I guess the simplest way is to reboot the modem and hope to get a new IP (or call and request)

Mehmet 

> On Sep 19, 2015, at 12:54, Frank Bulk <frnkblk at iname.com> wrote:
> 
> Could the community share some DDoS auto-mitigation best practices for
> eyeball networks, where the target is a residential broadband subscriber?
> I'm not asking so much about the customer communication as much as
> configuration of any thresholds or settings, such as:
> - minimum traffic volume before responding (for volumetric attacks)
> - minimum time to wait before responding
> - filter percentage: 100% of the traffic toward target (or if volumetric,
> just a certain percentage)?
> - time before mitigation is automatically removed
> - and if the attack should recur shortly thereafter, time to respond and
> remove again
> - use of an upstream provider(s) mitigation services versus one's own
> mitigation tools
> - network placement of mitigation (presumably as upstream as possible)
> - and anything else
> 
> I ask about best practice for broadband subscribers on eyeball networks
> because it's a different environment than data center and hosting environments
> or when one's network is being used to DDoS a target.
> 
> Regards,
> 
> Frank
> 


