Re: [AFMUG] Denial of service mitigation

Fri, 10 Jul 2015 07:43:51 -0700 

Andreas,
The way I always used to do this was through BGP blackholing, our upstream provider provided a community we could use to say 'null route this IP.' It was generally pretty easy to find out who the target was by using the Procera to look at who had tons of traffic directed to them, then we'd blackhole that /32 for a while. 


It was pretty manual, but also pretty simple and let us mitigate DDoS 
within a couple of minutes.


On 7/9/2015 10:22 AM, Andreas Wiatowski wrote:



From what I investigated… you move your BGP AS to them…they 
scrub…secure tunnel back to your network….. going to call… for the fun 
of it all…just to see how expensive the service is.


Cheers,

______________________________

Andreas Wiatowski | CEO

Silo Wireless Inc.

Email [email protected]

19 Sage Court

Brantford, Ontario N3R 7T4 (CANADA)


Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free 
+1.866.727.4138
Website http://www.silowireless.com/| Facebook 
http://www.facebook.com/silowireless| Twitter @silowireless



This electronic message and all of its contents and attachments 
contain information from the offices of Silo Wireless Inc., which may 
be privileged, confidential or otherwise protected from disclosure.  
The information is intended to be for the addressee only.  If you are 
not the addressee, then any disclosure, copying, distribution or use 
of this message, or its contents or any of its attachments, is 
prohibited.  If you have received this electronic message in error, 
please notify us immediately and destroy the original message and all 
copies.


*From:*Af [mailto:[email protected]] *On Behalf Of *TJ Trout
*Sent:* July 9, 2015 12:28 AM
*To:* [email protected]
*Subject:* Re: [AFMUG] Denial of service mitigation


How's that going to work? Route all of your traffic to them first by 
VPN? I think that's just for websites...?



On Wed, Jul 8, 2015 at 8:57 PM, Seth Mattinen <[email protected] 
<mailto:[email protected]>> wrote:


    On 7/8/15 7:48 PM, Andreas Wiatowski wrote:

        Wondering if anyone has a magic answer to DDOS mitigation
        beyond “buy
        more bandwidth”?



    Other than having excess bandwidth to absorb it or null routing
    the target IP upstream, there's DDoS scrubbing services like Prolexic.

    ~Seth


























					Reply via email to