1. Move the website to a DDoS-resistant reverse proxy like Cloudflare or
Incapsula, using its current IP address; won't make much of a difference as
the attacker will go back to attacking the last known IP address.
2. Change the site IP address and only update it at the reverse proxy
provider, not at any
You haven't indicated what the actual inbound attack volume is. If it's
something your network core can handle, you can block the attack fingerprint
upstream so it does not reach the 1Gb link. If it's UDP amplification
chances are you can create a firewall rule.
-PK
use a CDN provider or AWS ELBs or something to absorb the attacks?
On Mon, Feb 8, 2016 at 9:55 PM, Faisal Imtiaz wrote:
> Not quite sure what kind of info / confirmation you are looking for...
>
> There are lots of articles (do a Google search) on this topic as well as
> mitigation ...
>
> e.g.
Hi Mitch.
My colleagues in the US dealt with something like this and I have dealt with
something similar to this in Australia.
Does your customer happen to be a school district?
In our cases it turned out to be students buying DDoS as a service and
targeting the address which comes up when they
On 9 Feb 2016, at 6:14, Mitch Dyer wrote:
I'm hoping someone with some experience on this topic would be able to
shed some light on a better way to attack this or would be willing to
confirm that we are simply SOL without prolonged assistance from the
upstream carrier.
Take a look at this .p
Not quite sure what kind of info / confirmation you are looking for...
There are lots of articles (do a Google search) on this topic as well as
mitigation ...
e.g.
http://blog.nexusguard.com/ssdp-ddos-attacks/
&
https://tools.ietf.org/html/bcp38
Regards
Faisal Imtiaz
Snappy Internet & Teleco
On 9 Feb 2016, at 9:50, mike.l...@gmail.com wrote:
Sounds like there is a compromised host downstream of the 1G that is
reporting back its source IP and that is why changing the IP doesn't
help.
It's much more likely that the attacker is just following the DNS
changes.
---
Oodles of devices downstream of the 1G? Does the 1G terminate into a router or
firewall?
Sounds like there is a compromised host downstream of the 1G that is reporting
back its source IP and that is why changing the IP doesn't help.
If you look at the PAT table, any oddities?
Good luck!
-Mik
Hello,
Hoping someone can point me in the right direction here, even just confirming
my suspicions would be incredibly helpful.
A little bit of background: I have a customer I'm working with that is
downstream of a 1Gb link that is experiencing multiple DDoS attacks on a daily
basis. Through s
Sent on behalf of the Executive Director
Greetings NANOG Colleagues,
If you missed the nominations deadline for the Program Committee or
Communications Committee, this is your chance to still submit.
If you, or someone you know, would make a great candidate for a NANOG
Committee, please send the