DDOS solution recommendation
- Subject: DDOS solution recommendation
- From: rdobbins at arbor.net (Roland Dobbins)
- Date: Sun, 11 Jan 2015 21:58:12 +0700
- In-reply-to: <CAD6AjGSW27qiA3BbS--KK27APZp2FsBtTt=oRLHcSztRdHH-9Q@mail.gmail.com>
- References: <CAD0TWZ9X2-g0gC2HHu+ZVxy8mwMOiguhRq4zoS+6tCe1uqzxSA@mail.gmail.com> <21151566.1466.1420981585260.JavaMail.mhammett@ThunderFuck> <CAD6AjGSW27qiA3BbS--KK27APZp2FsBtTt=oRLHcSztRdHH-9Q@mail.gmail.com>
On 11 Jan 2015, at 20:52, Ca By wrote:
> 1. BCP38 protects your neighbor, do it.
It's to protect yourself, as well. You should do it all the way down to
the transit customer aggregation edge, all the way down to the IDC
access layer, etc.
> 2. Protect yourself by having your upstream police UDP to some
> baseline you are comfortable with.
This will come back to haunt you, when the programmatically-generated
attack traffic 'crowds out' the legitimate traffic and everything
breaks.
You can only really do this for ntp.
> 3. Have RTBH ready for some special case.
S/RTBH and/or flowspec are better (S/RTBH does D/RTBH, too).
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
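
The crowd-out effect described in the reply to point 2, as an added example that is not part of the original message: a simulated token-bucket policer applied to aggregate UDP, measuring how much legitimate traffic still gets through. The function name, packet rates, burst size and tick length are assumptions chosen for illustration.

```python
import random

def police_udp(legit_pps, attack_pps, police_pps, burst=100, seconds=10, seed=1):
    """Simulate a single-rate token-bucket policer on aggregate UDP.

    Returns the fraction of legitimate packets that were forwarded.
    The policer sees packets, not intent: it drops whichever packet
    arrives while the bucket is empty.
    """
    rng = random.Random(seed)
    ticks_per_s = 100                       # 10 ms simulation ticks (assumed)
    tokens = float(burst)
    legit_sent = legit_fwd = 0
    for _ in range(seconds * ticks_per_s):
        # Refill at the policed rate, capped at the burst size.
        tokens = min(burst, tokens + police_pps / ticks_per_s)
        # Constructed arrivals: both classes mixed in random order.
        arrivals = (["legit"] * (legit_pps // ticks_per_s)
                    + ["attack"] * (attack_pps // ticks_per_s))
        rng.shuffle(arrivals)
        for kind in arrivals:
            forwarded = tokens >= 1
            if forwarded:
                tokens -= 1
            if kind == "legit":
                legit_sent += 1
                legit_fwd += forwarded
    return legit_fwd / legit_sent

if __name__ == "__main__":
    # Baseline: 1,000 pps of legitimate UDP, policer set to 2,000 pps.
    for attack in (0, 1_000, 10_000, 100_000):
        share = police_udp(legit_pps=1_000, attack_pps=attack, police_pps=2_000)
        print(f"attack={attack:>7} pps  legitimate delivered={share:6.1%}")
```

Once the offered load exceeds the policed rate, the legitimate share delivered falls to roughly police_pps / (legit_pps + attack_pps), so the policer protects the link while the service behind it still fails.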