Hello, Christopher! Could you share "there are quite a few in the US that will filter traffic like this for you" off-list?
On Thu, Nov 5, 2015 at 3:27 AM, Christopher Morrow <[email protected]> wrote: > a short answer for the OP is: "Find an ISP that will actually support you" > > there are quite a few in the US that will filter traffic like this for > you (vzb will) on demand, provided the traffic is service impacting > and NOT 'victoria secret runway show' traffic. > > alternately you could find an ISP that has a mitigation service (vzb, > att, ntt, sprint i think still does) and move your links there. > > All of those are cheaper when under attack than the off-netork > solutions (generally). > > On Thu, Nov 5, 2015 at 9:12 AM, Tin, James <[email protected]> wrote: >> This is my first post to Nanog. So please don't flame me down ;) >> >> Hi Mario. >> >> Typically the cost of Ddos mitigation is charged on the amount of clean >> traffic inbound to your network, the number of protected /24 ranges you need >> protected and the number of datacentres you want to protect. >> >> Ideally the Ddos mitigation solution should block attacks as close as >> possible to the source of the attack. One good way of doing this is by >> leveraging anycast from multiple scrubbing centres and ensure there is >> enough backbone bandwidth between each scrubbing centre to deliver clean >> traffic. >> >> Blocking it at your upstream transit provider may be too late for >> significant attacks as any service provider between you and the source could >> black hole the traffic before it gets to your peers. This results in >> legitimate traffic not being able to reach your network. >> >> Paras is correct, attacks could be on any port and often multivector and >> change within an attack campaign if attackers see one vector is not >> effective. So each attack really needs to be dealt with dynamically to >> ensure there are no false positives (something is blocked when it shouldn't >> be) >> >> Unfortunately it is very simple to intimate a Ddos attack, but the cost of >> mitigation is very high. So the solution you choose really depends on the >> monetary cost of the outages, clients you have and whether the cost can be >> amortised over your client base. >> >> I have seen service providers offer premium hosting services which have Ddos >> mitigation, using separate infrastructure and links to their normal >> customers. This reduces the cost of mitigation while also containing the >> risks and the collateral damage. >> >> There are also different Ddos mitigation solutions depending on the service >> protocols your are offering. Ie web traffic could be mitigated with cdn vs >> all protocols and ports with BGP via a scrubbing centre. >> >> Sent from my iPhone >> James Tin >> Enterprise Security Architect APJ >> Join the Conversation. >> Log on to Akamai Community. >> [http://www.akamai.com/images/img/community-icon-large.png] >> <https://community.akamai.com/> >> >> [http://www.akamai.com/images/img/bg/akamai-logo.png]<http://www.akamai.com/> >> >> Office: +<tel:+1.617.444.1234>61 9008 4906 >> Cell: +<tel:+1.617.444.1234>61 466 961 555 >> Akamai Technologies >> Level 7, 76 Berry St >> North Sydney, NSW 2071 >> >> Connect with Us: >> [http://www.akamai.com/images/img/akamai-community-icon.jpg] >> <https://community.akamai.com/> >> [http://www.akamai.com/graphics/misc/rs_icon_small.png] >> <http://blogs.akamai.com/> >> [http://www.akamai.com/graphics/misc/tw_icon_small.png] >> <https://twitter.com/akamai> >> [http://www.akamai.com/graphics/misc/fb_icon_small.png] >> <http://www.facebook.com/AkamaiTechnologies> >> [http://www.akamai.com/graphics/misc/in_icon_small.png] >> <http://www.linkedin.com/company/akamai-technologies> >> [http://www.akamai.com/graphics/misc/yt_icon_small.png] >> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> >> >> >> >> >> On 5 Nov 2015, at 05:13, Paras >> <[email protected]<mailto:[email protected]>> wrote: >> >> Hey, >> >> Just blocking port 19 won't cut it, as we often see Chargen attacks that run >> on nonstandard ports as well >> >> Thanks, >> Paras >> >> On 11/4/2015 12:33 PM, Mario Eirea wrote: >> Hello everyone, >> >> Looking to find out how the pricing model works for DDoS mitigation and what >> to expect as far as ballpark pricing from my ISP. Some background, we are >> getting hit with a chargen attack that comes and goes and is saturating our >> 500mb connection. Tried hitting up the ISP for UDP block on 19 but they want >> us to go through our rep, in the process making this go on longer that is >> necessary. Any feedback would be appreciated. >> >> Thanks, >> >> -ME >> >> -- Sincerely yours, Pavel Odintsov
