[183879] in North American Network Operators' Group


Re: DDoS auto-mitigation best practices (for eyeball networks)

daemon@ATHENA.MIT.EDU (Randy via NANOG)
Sat Sep 19 20:44:31 2015

X-Original-To: nanog@nanog.org
Date: Sun, 20 Sep 2015 00:44:21 +0000 (UTC)
To: Frank Bulk <frnkblk@iname.com>, "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <000101d0f314$fbf7f050$f3e7d0f0$@iname.com>
From: Randy via NANOG <nanog@nanog.org>
Reply-To: Randy <randy_94108@yahoo.com>
Errors-To: nanog-bounces@nanog.org

----- Original Message -----

From: Frank Bulk <frnkblk@iname.com>
To: nanog@nanog.org
Cc: 
Sent: Saturday, September 19, 2015 12:54 PM
Subject: DDoS auto-mitigation best practices (for eyeball networks)

Could the community share some DDoS auto-mitigation best practices for
eyeball networks, where the target is a residential broadband subscriber?
I'm not asking so much about the customer communication as much as
configuration of any thresholds or settings, such as:
- minimum traffic volume before responding (for volumetric attacks)
- minimum time to wait before responding
- filter percentage: 100% of the traffic toward target (or if volumetric,
just a certain percentage)?
- time before mitigation is automatically removed
- and if the attack should recur shortly thereafter, time to respond and
remove again
- use of an upstream provider(s) mitigation services versus one's own
mitigation tools
- network placement of mitigation (presumably upstream as possible)
- and anything else

I ask about best practice for broadband subscribers on eyeball networks
because it's a different environment than data center and hosting environments
or when one's network is being used to DDoS a target.

Regards,


Frank

Frank,
If you figure out a way to protect residential-BB-clients, I would love to know!

Regards,
./Randy
