Best way to get foreign ISPs to shut down DDoS reflectors?

• Previous message (by thread): Best way to get foreign ISPs to shut down DDoS reflectors?
• Next message (by thread): Best way to get foreign ISPs to shut down DDoS reflectors?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 23, 2020 at 2:38 PM Shawn L via NANOG <nanog at nanog.org> wrote:
> This brings up an interesting question -- what is "good DDoS protection" on an ISP scale?  Apart from having enough bandwidth to weather the attack and having upstream providers attempt to filter it for you/

Hi Shawn,

I believe the normal mechanism is that you use BGP to sink the
impacted /24s at many high-bandwidth exchange points worldwide,
filter, and pass the traffic which  the filter accepts back to your
core infrastructure via a tunnel (VPN).

Build or buy.

If it's practical to sink the bandwidth near the DDOS target, I
wouldn't think it was much of a DDOS.

A question which interests me: How many attacks do folks find landing
in the middle-ground between "annoying but readily handled" and "far
beyond my ability?"

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/

• Previous message (by thread): Best way to get foreign ISPs to shut down DDoS reflectors?
• Next message (by thread): Best way to get foreign ISPs to shut down DDoS reflectors?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]