+1 for FastNetMon. They also just announced this:

"FastNetMon passed #Mikrotik compatibility #certification! Check our entry in MFA (made for MikroTik) list: https://mikrotik.com/mfm/software #FastNetMon #MFA #DDoS #protectiontool #security #news Order free trial for FastNetMon: https://fastnetmon.com/trial/"

On Mon, Apr 2, 2018 at 5:21 PM, Mike Hammett <[email protected]> wrote:

> You don't need to reinvent the wheel. FastNetMon.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> ------------------------------
> *From: *"castarritt ." <[email protected]>
> *To: *[email protected]
> *Sent: *Monday, April 2, 2018 4:18:50 PM
> *Subject: *Re: [AFMUG] DDOS protection
>
> We are working on a Mikrotik method of automatic detection and mitigation
> based on a firewall rule adding addresses to a list that are getting a
> certain number of packets per second, and then a script that adds that /32
> to BGP networks for advertisement with the correct black hole community
> (HE.net), or black hole server (Cogent). It works in a lab setting, but we
> haven't had an attack since implementing the detection side only to our
> edge router.
>
> On Mon, Apr 2, 2018 at 3:16 PM, Mathew Howard <[email protected]> wrote:
>
>> Yeah, something like that seems kind of pointless... even with 10Gbps,
>> there's a good chance it's going to just overload your upstreams anyway,
>> and just about any DDoS attack worth mentioning is going to kill 1Gbps
>> these days. DDoS mitigation on your upstreams would seem like a better way
>> to go to me.
>>
>> On Mon, Apr 2, 2018 at 3:08 PM, Seth Mattinen <[email protected]> wrote:
>>
>>> On 4/2/18 11:12, Paul McCall wrote:
>>>
>>>> Anybody used a device like this at Layer 2 in between your core and an
>>>> upstream? Purpose: Protection / Mitigation of DDOS attacks.
>>>>
>>>> http://www.serveru.us/en/
>>>>
>>>> We have 1 Gbit interfaces currently, but that will jump up to 10Gbit
>>>> interfaces soon.
>>>
>>> Nowadays DDoS attacks can easily surpass 10Gbps, so I don't see the
>>> point of trying to do any on-net scrubbing unless you can bring more
>>> bandwidth to bear than the attacker can.
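
The detect-then-blackhole loop described in castarritt's message (per-destination packets-per-second threshold, then a /32 advertised with a black hole community), as an added Python example that is not part of the thread and not anyone's RouterOS script. The threshold, hold time, prefix and community placeholder are assumptions, and the own-prefix check and timed withdrawal go beyond what the message describes.

```python
import ipaddress

# Assumed values, not from the thread; take the community from your upstream.
PPS_THRESHOLD = 50_000          # packets/second toward one destination
HOLD_SECONDS = 300              # keep the route this long after the last hit
OWN_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]  # documentation range
BLACKHOLE_COMMUNITY = "<UPSTREAM-ASN>:<BLACKHOLE-VALUE>"  # placeholder

def observe(active, second, counts):
    """Update `active` (address -> withdraw time); return (announce, withdraw)."""
    announce, withdraw = [], []
    for dst, pkts in counts.items():
        addr = ipaddress.ip_address(dst)
        if pkts < PPS_THRESHOLD:
            continue
        # Never blackhole address space we do not originate.
        if not any(addr in net for net in OWN_PREFIXES):
            continue
        if addr not in active:
            announce.append(f"{addr}/32")
        active[addr] = second + HOLD_SECONDS  # refresh the hold timer
    for addr, expiry in list(active.items()):
        if second >= expiry:
            del active[addr]
            withdraw.append(f"{addr}/32")
    return announce, withdraw


def replay(samples):
    """Feed per-second samples through observe() and log route changes."""
    active, log = {}, []
    for second, counts in samples:
        announce, withdraw = observe(active, second, counts)
        log += [(second, "announce", p, BLACKHOLE_COMMUNITY) for p in announce]
        log += [(second, "withdraw", p, None) for p in withdraw]
    return log


# Constructed sample counters: (second, {destination: packets that second}).
SAMPLES = [
    (0, {"198.51.100.10": 1_200, "198.51.100.20": 900}),
    (1, {"198.51.100.10": 80_000, "203.0.113.5": 90_000}),
    (2, {"198.51.100.10": 75_000}),
    (302, {"198.51.100.10": 1_000}),
]

if __name__ == "__main__":
    for event in replay(SAMPLES):
        print(event)
```

The hold timer is refreshed on every second the destination stays over threshold, so the route is withdrawn only after `HOLD_SECONDS` of quiet rather than flapping during a pulsed attack.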
