Re: [AFMUG] DDoS protection vendor?

Fri, 14 Jul 2017 14:19:36 -0700 

Hey,
Back in the day (4 years ago), we used Mikrotik for our main core routers. We would allocate a single IP address from each /24 (randomly selected) and then we created a rule that any outside IP address that even "touched" that IP was added to our Blackhole address list and dropped on the incoming interfaces. 


This was a cheap, easy way to stop many, many attacks. Our blackhole 
list often contained 50,000+ IP addresses.


Travis


On 7/14/2017 10:59 AM, Andreas Wiatowski wrote:

I agree.  It solves many problems.  We had 1 this year… had to drop a /24 for 
about 5 minutes.  The other option is to BGP cloud scrub… much bigger $$.

What we have found is that dealing with even small attacks or identified 
attacks has slowed the frequency and intensity.  Regardless, if you’re a 
target, you’re going to get hurt in today’s day and age.

Cheers,

  
Andreas Wiatowski, CEO

Silo Wireless Inc.
1-866-727-4138 x-600
http://www.silowireless.com <http://www.silowireless.com/>
Wireless | Fibre | VoIP | PBX | IPTV

  
_________________________________

The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or privileged information and 
may be legally protected from disclosure. If you are not the intended recipient 
of this message or their agent, or if this message has been addressed to you in 
error, please immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, copying, or storage of this 
message or its attachments is strictly prohibited.

  


On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen" <af-boun...@afmug.com on 
behalf of se...@rollernet.us> wrote:

     On 7/14/17 09:04, Andreas Wiatowski wrote:
     > We implemented Corero.  It works as advertised, all our traffic is
     > scrubbed on the fly and only bad traffic is dumped This is at our main
     > core, 2 separate 10Gbps feeds.  We also have a secondary site with
     > 10Gbps and it has a corero as well.  It has allowed us to sleep at night!
     >

     
     
     I don't see how this would help if an attacker tries to shove 40Gbps

     down 2x10GbE pipes.

     
     ~Seth
     


























					Reply via email to