[177244] in North American Network Operators' Group
Re: DDOS solution recommendation
daemon@ATHENA.MIT.EDU (Ammar Zuberi)
Sat Jan 10 23:50:12 2015
X-Original-To: nanog@nanog.org
From: Ammar Zuberi <ammar@fastreturn.net>
In-Reply-To: <54B1FE0C.4060405@winterei.se>
Date: Sun, 11 Jan 2015 08:50:01 +0400
To: "Paul S." <contact@winterei.se>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
I'd beg to differ on this one. The average attacks we're seeing are double that, around the 30-40g mark. Since NTP and SSDP amplification began, we've been seeing all kinds of large attacks.
Obviously, these can easily be blocked upstream to your network. Hibernia Networks blocks them for us.
Ammar
> On 11 Jan 2015, at 8:37 am, Paul S. <contact@winterei.se> wrote:
>
> While it indeed is true that attacks up to 600 gbit/s (If OVH and CloudFlare's data is to be believed) have been known to happen in the wild, it's very unlikely that you need to mitigate anything close.
>
> The average attack is usually around the 10g mark (That too barely) -- so even solutions that service up to 20g work alright.
>
> Obviously, concerns are different if you're an enterprise that's a DDoS magnet -- but for general service providers selling 'protected services,' food for thought.
>
>> On 1/11/2015 午後 12:48, Damian Menscher wrote:
>>> On Thu, Jan 8, 2015 at 9:01 AM, Manuel Marín <mmg@transtelco.net> wrote:
>>>
>>> I was wondering what you are using for DDOS protection in your networks. We
>>> are currently evaluating different options (Arbor, Radware, NSFocus,
>>> RioRey) and I would like to know if someone is using the cloud based
>>> solutions/scrubbing centers like Imperva, Prolexic, etc and what are the
>>> advantages/disadvantages of using a cloud base vs an on-premise solution.
>>> It would be great if you can share your experience on this matter.
>> On-premise solutions are limited by your own bandwidth. Attacks have been
>> publicly reported at 400Gbps, and are rumored to be even larger. If you
>> don't have that much network to spare, then packet loss will occur upstream
>> of your mitigation. Having a good relationship with your network
>> provider(s) can help here, of course.
>>
>> If you go with a cloud-based solution, be wary of their SLA. I've seen
>> some claim 100% uptime (not believable) but of course no refund/credits for
>> downtime. Another provider only provides 20Gbps protection, then will
>> null-route the victim.
>>
>>> On Sat, Jan 10, 2015 at 4:19 PM, Charles N Wyble <charles@thefnf.org> wrote:
>>>
>>> Also how are folks testing ddos protection? What lab gear, tools, methods
>>> are you using to determine effectiveness of the mitigation.
>>
>> Live-fire is the cheapest approach (just requires some creative trolling)
>> but if you want to control the "off" button, cloud VMs can be tailored to
>> your needs. There are also legitimate companies that do network stress
>> testing.
>>
>> Keep in mind that you need to test against a variety of attacks, against
>> all components in the critical path. Attackers aren't particularly
>> methodical, but will still randomly discover any weaknesses you've
>> overlooked.
>>
>> Damian
>