OOoh, I just thought of a good one... BGP next hops. Those would be good ones to get into a black list. :-)
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: "Travis Johnson" <[email protected]>
To: [email protected]
Sent: Friday, July 14, 2017 4:33:29 PM
Subject: Re: [AFMUG] DDoS protection vendor?

We also kept a "whitelist" of IP addresses that could not be blocked. What do you expect for $0 and $0 per month? :)

Travis

On 7/14/2017 3:21 PM, Mike Hammett wrote:

Until someone starts spoofing Google's authoritative DNS servers or root DNS servers or....

-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP

----- Original Message -----
From: "Travis Johnson" <[email protected]>
To: [email protected]
Sent: Friday, July 14, 2017 4:19:05 PM
Subject: Re: [AFMUG] DDoS protection vendor?

Hey,

Back in the day (4 years ago), we used Mikrotik for our main core routers. We would allocate a single IP address from each /24 (randomly selected) and then we created a rule that any outside IP address that even "touched" that IP was added to our Blackhole address list and dropped on the incoming interfaces.

This was a cheap, easy way to stop many, many attacks. Our blackhole list often contained 50,000+ IP addresses.

Travis

On 7/14/2017 10:59 AM, Andreas Wiatowski wrote:

> I agree. It solves many problems. We had 1 this year… had to drop a /24 for
> about 5 minutes. The other option is to BGP cloud scrub… much bigger $.
>
> What we have found is that dealing with even small attacks or identified
> attacks has slowed the frequency and intensity. Regardless, if you’re a
> target, you’re going to get hurt in today’s day and age.
>
> Cheers,
>
> Andreas Wiatowski, CEO
> Silo Wireless Inc.
> 1-866-727-4138 x-600
> http://www.silowireless.com
> Wireless | Fibre | VoIP | PBX | IPTV
>
> _________________________________
> The contents of this email message and any attachments are intended solely
> for the addressee(s) and may contain confidential and/or privileged
> information and may be legally protected from disclosure. If you are not the
> intended recipient of this message or their agent, or if this message has
> been addressed to you in error, please immediately alert the sender by reply
> email and then delete this message and any attachments. If you are not the
> intended recipient, you are hereby notified that any use, dissemination,
> copying, or storage of this message or its attachments is strictly
> prohibited.
>
> On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen"
> <[email protected] on behalf of [email protected]> wrote:
>
> On 7/14/17 09:04, Andreas Wiatowski wrote:
> > We implemented Corero. It works as advertised, all our traffic is
> > scrubbed on the fly and only bad traffic is dumped. This is at our main
> > core, 2 separate 10Gbps feeds. We also have a secondary site with
> > 10Gbps and it has a Corero as well. It has allowed us to sleep at night!
>
> I don't see how this would help if an attacker tries to shove 40Gbps
> down 2x10GbE pipes.
>
> ~Seth
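
The decoy-address blackhole described in the thread, together with the whitelist and the spoofing concern raised in the replies, modelled as an added example that is not part of the original thread and is not the posters' router configuration. All addresses, the packet list and the function names are constructed for illustration (RFC 5737 documentation ranges).

```python
import ipaddress

# Constructed sample data; none of these values come from the thread.
# One otherwise unused "decoy" address per /24, as described above.
DECOYS = {ipaddress.ip_address(a) for a in ("192.0.2.77", "198.51.100.203")}
# Sources that must never be blackholed (the "whitelist" in the thread).
WHITELIST = [ipaddress.ip_network("203.0.113.53/32")]

# (source, destination) pairs as seen on the incoming interface, in order.
PACKETS = [
    ("203.0.113.10", "192.0.2.10"),      # ordinary traffic to a real host
    ("203.0.113.66", "192.0.2.77"),      # source touches a decoy
    ("203.0.113.66", "192.0.2.10"),      # same source, now to a real host
    ("203.0.113.53", "198.51.100.203"),  # claims a whitelisted source address
    ("203.0.113.99", "198.51.100.203"),  # claims an address nobody whitelisted
]

def is_whitelisted(src):
    """True if the source falls inside any whitelisted network."""
    return any(src in net for net in WHITELIST)

def process(packets, decoys=DECOYS):
    """Return (sorted blackhole list, per-packet verdicts).

    A source is added to the blackhole list the first time it sends
    anything to a decoy address, unless it is whitelisted. Every packet
    from a blackholed source is then dropped.
    """
    blackhole = set()
    verdicts = []
    for src_s, dst_s in packets:
        src = ipaddress.ip_address(src_s)
        dst = ipaddress.ip_address(dst_s)
        if dst in decoys and not is_whitelisted(src):
            blackhole.add(src)
        verdicts.append("drop" if src in blackhole else "accept")
    return sorted(str(a) for a in blackhole), verdicts

if __name__ == "__main__":
    listed, verdicts = process(PACKETS)
    for (src, dst), verdict in zip(PACKETS, verdicts):
        print(f"{src:>14} -> {dst:<15} {verdict}")
    print("blackhole:", listed)
```

The last packet shows why the whitelist matters: the rule acts on the source address alone, so any address that is not whitelisted ends up blocked once a packet carrying it reaches a decoy, whoever actually sent it.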
