[AusNOG] DDoS attack sizes

[Joseph Goldman]

You have DDoS scrubbing which can help to monitor the traffic and only 
let through what is determined as legitimate traffic while curbing the rest.

You have services such as Black Lotus, and Micron21 DDoS protection 
where on the event of an attack they will advertise the range to the 
global route table, scrub the traffic clean, then send it on to you. 
Black Lotus, last I looked, were US based nodes where as Micron21 is AU 
based and can deliver over Megaport VXC etc.

In the short term, RTBH is more than helpful if your upstream and your 
upstreams upstream supports it. Most usually support down to the /32, 
and gets the processing off your link and your routers.

On 08/02/16 16:42, Nick Evendor wrote:
> Yesterday we experienced an 850 megabit DDoS attack towards a hosting 
> customer which almost filled our gigabit uplink and made our upstream 
> provider call me on a Sunday due to abnormal traffic on our port.
>
> Thank god it was Sunday so our network was underutilized with no 
> collateral damage and everything remained working, but I asked the 
> upstream provider what we can do about it other than null routing the 
> destination and they said purchase more capacity.
>
> In the past we have seen a few attacks but they have only been a few 
> hundred megabits and never come close to saturating our gigabit uplink.
>
> What size attacks are people seeing and is it time to over purchase 
> bandwidth and move to a ten gigabit service.
>
> Nick
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160208/479efb11/attachment.html>