We also kept a "whitelist" of IP addresses that could not be blocked.
What do you expect for $0 and $0 per month? :)
Travis
On 7/14/2017 3:21 PM, Mike Hammett wrote:
Until someone starts spoofing Google's authoritative DNS servers or
root DNS servers or....
-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
Midwest Internet Exchange <http://www.midwest-ix.com/>
The Brothers WISP <http://www.thebrotherswisp.com/>
------------------------------------------------------------------------
*From: *"Travis Johnson" <[email protected]>
*To: *[email protected]
*Sent: *Friday, July 14, 2017 4:19:05 PM
*Subject: *Re: [AFMUG] DDoS protection vendor?
Hey,
Back in the day (4 years ago), we used Mikrotik for our main core
routers. We would allocate a single IP address from each /24 (randomly
selected) and then we created a rule that any outside IP address that
even "touched" that IP was added to our Blackhole address list and
dropped on the incoming interfaces.
This was a cheap, easy way to stop many, many attacks. Our blackhole
list often contained 50,000+ IP addresses.
Travis
On 7/14/2017 10:59 AM, Andreas Wiatowski wrote:
> I agree. It solves many problems. We had 1 this year… had to drop
> a /24 for about 5 minutes. The other option is to BGP cloud scrub…
> much bigger $.
>
> What we have found is that dealing with even small attacks or
> identified attacks has slowed the frequency and intensity.
> Regardless, if you’re a target, you’re going to get hurt in today’s
> day and age.
>
> Cheers,
>
> Andreas Wiatowski, CEO
> Silo Wireless Inc.
> 1-866-727-4138 x-600
> http://www.silowireless.com <http://www.silowireless.com/>
> Wireless | Fibre | VoIP | PBX | IPTV
>
>
>
> On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen" <[email protected] on behalf of [email protected]> wrote:
>
> On 7/14/17 09:04, Andreas Wiatowski wrote:
> > We implemented Corero. It works as advertised, all our traffic is
> > scrubbed on the fly and only bad traffic is dumped. This is at our main
> > core, 2 separate 10Gbps feeds. We also have a secondary site with
> > 10Gbps and it has a Corero as well. It has allowed us to sleep at night!
> >
>
>
> I don't see how this would help if an attacker tries to shove 40Gbps
> down 2x10GbE pipes.
>
> ~Seth
>
>
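
The decoy-address rule and the whitelist discussed in this thread, modelled as an added Python example (not part of the original messages and not RouterOS configuration). It shows why the whitelist has to be checked before a source is listed: a packet with a forged source that touches the decoy would otherwise blackhole a resolver. All addresses are constructed from documentation ranges, and skipping `in_use` addresses when choosing a decoy is an assumption of this sketch.

```python
import ipaddress
import random

def pick_decoys(prefixes, in_use, rng):
    """Pick one random unused host address per prefix to act as a decoy.
    Skipping in_use addresses is an assumption of this sketch."""
    decoys = set()
    for prefix in prefixes:
        free = [h for h in ipaddress.ip_network(prefix).hosts() if h not in in_use]
        decoys.add(rng.choice(free))
    return decoys

def build_blackhole(packets, decoys, never_block):
    """Return outside sources that touched a decoy, minus protected networks."""
    blackhole = set()
    for src, dst in packets:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if d not in decoys:
            continue
        if any(s in net for net in never_block):
            continue  # source may be forged: never list a protected address
        blackhole.add(s)
    return blackhole

def filter_incoming(packets, blackhole):
    """Drop every packet whose source is on the blackhole list."""
    return [(s, d) for s, d in packets if ipaddress.ip_address(s) not in blackhole]

# Constructed sample data (RFC 5737 documentation ranges, not real hosts).
PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]
IN_USE = {ipaddress.ip_address("192.0.2.20")}              # a customer address
NEVER_BLOCK = [ipaddress.ip_network("203.0.113.53/32")]    # stand-in resolver

def sample_packets(decoy):
    return [
        ("203.0.113.10", decoy),         # outside host touches the decoy
        ("203.0.113.10", "192.0.2.20"),  # same host then hits a customer
        ("203.0.113.53", decoy),         # packet claiming the resolver's source
        ("203.0.113.53", "192.0.2.20"),  # resolver reply to a customer
        ("203.0.113.99", "192.0.2.20"),  # unrelated traffic
    ]

if __name__ == "__main__":
    decoys = pick_decoys(PREFIXES, IN_USE, random.Random())
    pkts = sample_packets(str(min(decoys)))
    for label, protected in (("with whitelist", NEVER_BLOCK), ("without", [])):
        bh = build_blackhole(pkts, decoys, protected)
        print(label, sorted(map(str, bh)), len(filter_incoming(pkts, bh)), "kept")
```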