[183876] in North American Network Operators' Group


Re: DDoS auto-mitigation best practices (for eyeball networks)

daemon@ATHENA.MIT.EDU (Mehmet Akcin)
Sat Sep 19 16:09:53 2015

X-Original-To: nanog@nanog.org
From: Mehmet Akcin <mehmet@akcin.net>
In-Reply-To: <000101d0f314$fbf7f050$f3e7d0f0$@iname.com>
Date: Sat, 19 Sep 2015 13:09:47 -0700
To: Frank Bulk <frnkblk@iname.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

How does he/she become a target? How does the IP address get exposed?

I guess the simplest way is to reboot the modem and hope to get a new IP (or call and request)

Mehmet

> On Sep 19, 2015, at 12:54, Frank Bulk <frnkblk@iname.com> wrote:
>
> Could the community share some DDoS auto-mitigation best practices for
> eyeball networks, where the target is a residential broadband subscriber?
> I'm not asking so much about the customer communication as much as
> configuration of any thresholds or settings, such as:
> - minimum traffic volume before responding (for volumetric attacks)
> - minimum time to wait before responding
> - filter percentage: 100% of the traffic toward target (or if volumetric,
> just a certain percentage)?
> - time before mitigation is automatically removed
> - and if the attack should recur shortly thereafter, time to respond and
> remove again
> - use of an upstream provider(s) mitigation services versus one's own
> mitigation tools
> - network placement of mitigation (presumably upstream as possible)
> - and anything else
>
> I ask about best practice for broadband subscribers on eyeball networks
> because it's a different environment than data center and hosting environments
> or when one's network is being used to DDoS a target.
>
> Regards,
>
> Frank
>
