[AusNOG] DDOS mitigation

Matt Carter mattc at mansol.net.au
Thu May 9 16:37:07 EST 2013


Consider if you want to blackhole a /32 because it is under attack, with some of the bit rates seem of recent attacks, its potentially/likely affecting the upstream provider aswell and may have impact to their other customers or at least a segment of their access network.
Presuming you have a 24x7 engineering/tier3 contact or alternate mechanism you can implement an *immediate and co-ordinated response* - is that such a bad thing????
(For example, entering routes to be filtered via a portal of sorts that blackholes the /32 but also does other things, such as letting them know their customer is under attack.)
Is the issue here that they do not do real-time blackholing by way of BGP , or just that they have no way of doing real-time blackholing period?
(Just thinking, there's more than one way to skin a cat, they may use RTBL internally despite not offering customers ability to leverage it)


> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-
> bounces at lists.ausnog.net] On Behalf Of Matt Perkins
> Sent: Thursday, 9 May 2013 4:11 PM
> To: ausnog at lists.ausnog.net
> Subject: [AusNOG] DDOS mitigation
> 
> Gday Noggers,
>   We are updating  out DDOS mitigation plan and along the way we have
> ended up with a transit partner that has no system to black whole /32's at the
> ingress. Most of our peers have a community you can advertise to black
> whole an address but this one provider does not they want us to ring the
> help desk and log a case when a DDOS is underway. An unacceptable  plan as
> far as I am concerned.
> 
> So that prompted me look at when the contract of the transit that cant black
> whole expires and it's soon. So my question to the transit providers out
> there. How many of you have a black whole community or some other sort
> of DDOS mitigation strategy that can be implemented with your partners.
> 
> The ones that do that I know of are. PIPE and Vocus, I wont name and shame
> the have not's.
> 
> Matt.
> 
> --
> /* Matt Perkins
>          Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>          Office 1300 133 299     matt at spectrum.com.au
>          Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>          SIP 1300137379 at sip.spectrum.com.au
>          PGP/GNUPG Public Key can be found at  http://pgp.mit.edu */
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog



More information about the AusNOG mailing list