There is several choices that you can put on linux boxes and it will do that for you. Free for the most part
Dennis Burgess www.linktechs.net<http://www.linktechs.net/> – 314-735-0270 x103 – [email protected]<mailto:[email protected]> From: Af [mailto:[email protected]] On Behalf Of Mike Hammett Sent: Monday, April 2, 2018 4:22 PM To: [email protected] Subject: Re: [AFMUG] DDOS protection You don't need to reinvent the wheel. FastNetMon. ----- Mike Hammett Intelligent Computing Solutions<http://www.ics-il.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/ICSIL>[http://www.ics-il.com/images/googleicon.png]<https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/intelligent-computing-solutions>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/ICSIL> Midwest Internet Exchange<http://www.midwest-ix.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/mdwestix>[http://www.ics-il.com/images/linkedinicon.png]<https://www.linkedin.com/company/midwest-internet-exchange>[http://www.ics-il.com/images/twittericon.png]<https://twitter.com/mdwestix> The Brothers WISP<http://www.thebrotherswisp.com/> [http://www.ics-il.com/images/fbicon.png]<https://www.facebook.com/thebrotherswisp>[http://www.ics-il.com/images/youtubeicon.png] <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> ________________________________ From: "castarritt ." <[email protected]<mailto:[email protected]>> To: [email protected]<mailto:[email protected]> Sent: Monday, April 2, 2018 4:18:50 PM Subject: Re: [AFMUG] DDOS protection We are working on a Mikrotik method of automatic detection and mitigation based on a firewall rule adding addresses to a list that are getting a certain number of packets per second, and then a script that adds that /32 to BGP networks for advertisement with the correct black hole community (HE.net), or black hole server (Cogent). It works in a lab setting, but we haven't had an attack since implementing the detection side only to our edge router. On Mon, Apr 2, 2018 at 3:16 PM, Mathew Howard <[email protected]<mailto:[email protected]>> wrote: Yeah, something like that seems kind of pointless... even with 10Gbps, there's a good chance it's going to just overload your upstreams anyway, and just about any DDoS attack worth mentioning is going to kill 1Gbps these days. DDoS mitigation on your upstreams would seem like a better way to go to me. On Mon, Apr 2, 2018 at 3:08 PM, Seth Mattinen <[email protected]<mailto:[email protected]>> wrote: On 4/2/18 11:12, Paul McCall wrote: Anybody used a device like this at Layer 2 in between your core and an upstream?�� Purpose: Protection / Mitigation of DDOS attacks. http://www.serveru.us/en/ We have 1 Gbit interfaces currently, but that will jump up to 10Gbit interfaces soon. Nowadays DDoS attacks can easily surpass 10Gbps, so I don't see the point of trying to do any on-net scrubbing unless you can bring more bandwidth to bear than the attacker can.
