[AusNOG] Stopping Amplification Attacks

Chad Kelly chad at cpkws.com.au
Wed Apr 12 15:00:11 EST 2017


On 4/12/2017 12:00 PM, ausnog-request at lists.ausnog.net wrote:
> Given the way amplification attacks work - where you spoof the source IP
> address to be that of the target and then find services that can respond
> with significantly larger response (e.g. DNS, NTP etc), I am wondering
> if it is considered good practice at the ISP level to block traffic
> leaving your network with any source addresses that do not match your
> own address range or that of your clients.
>
> Do many/all ISPs do this? Are there any practical complications from
> doing this?
Any of the well known DDoS Attack prevention tools such as those offered 
by Ns Focus should do what you want.
Without blocking legitimate traffic, heck even AWS has DDoS protection 
available now a days as an add on product.
https://nsfocusglobal.com/solutions-overview/premise-ddos-protection-2/
https://aws.amazon.com/shield/

This at least gives you a couple of solutions to look at anyway.

Regards Chad.


-- 
Chad Kelly
Manager
CPK Web Services
web www.cpkws.com.au
phone 03 5273 0246



More information about the AusNOG mailing list