[AusNOG] Stopping Amplification Attacks

Boblobsta . boblobsta at gmail.com
Wed Apr 12 15:12:05 EST 2017


It's very important to note that they are vastly different solutions and
not directly comparable.

As mentioned earlier in this thread, what OP is talking about is called
BCP38 and it is (imo) the most important first step for a network owner to
take.
It costs nothing but a bit of solid planning (we all do this already,
right?!) and it ensures that your network can not originate spoofed traffic.

If everybody did that the need for any DDoS hardware would be very low.

Further from that first step, you can purchase vendor hardware to provide
your network with additional protection *against other networks who choose
not to use BCP38.*

Cheers,
Bob W

On 12 April 2017 at 15:00, Chad Kelly <chad at cpkws.com.au> wrote:

> On 4/12/2017 12:00 PM, ausnog-request at lists.ausnog.net wrote:
>
>> Given the way amplification attacks work - where you spoof the source IP
>> address to be that of the target and then find services that can respond
>> with significantly larger response (e.g. DNS, NTP etc), I am wondering
>> if it is considered good practice at the ISP level to block traffic
>> leaving your network with any source addresses that do not match your
>> own address range or that of your clients.
>>
>> Do many/all ISPs do this? Are there any practical complications from
>> doing this?
>>
> Any of the well known DDoS Attack prevention tools such as those offered
> by Ns Focus should do what you want.
> Without blocking legitimate traffic, heck even AWS has DDoS protection
> available now a days as an add on product.
> https://nsfocusglobal.com/solutions-overview/premise-ddos-protection-2/
> https://aws.amazon.com/shield/
>
> This at least gives you a couple of solutions to look at anyway.
>
> Regards Chad.
>
>
> --
> Chad Kelly
> Manager
> CPK Web Services
> web www.cpkws.com.au
> phone 03 5273 0246
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170412/89597f20/attachment.html>


More information about the AusNOG mailing list