On Tue, 18 Nov 2014 16:58:24 -0800 Mike <mike-nanog@tiedyenetworks.com> wrote:
> I provide broadband connectivity to mostly residential users. Over the past few years, instances of DDoS against the network - specifically targeting end users - have been on the rise, and today I can qualify many of these as simple acts of revenge where someone will engage a dos (possibly, services like 'booters' or similar) because they lost an online game or had some interaction in a forum they didn't like.
Hi Mike, I certainly sympathize with you about dealing with this sort of activity. Since you seem to be willing to invest some effort into mitigating it, what would also be interesting is to compile a summary of this activity that you're seeing. Answering questions such as how often does it happen, the duration when it does, what games are most commonly associated with the attacks you're seeing, what are the attack characteristics and so on. Having good insight into these attacks in formulating responses or going off and performing their own research to get closer to the who, why and how so they can be mitigated in other ways too. If you ever attend a NANOG, a presentation about your experiences might be welcome, it would very likely be in the security track, which I sometimes help moderate if you want to consider it.
> I have good 'consumer broadband' filtering rules in place which make sense and protect against quite a lot of obviously ddos oriented traffic streams.
Do you ever find that the attacks overwhelm your network or are they usually just big enough to disrupt your downstream customer?
> I am wondering if anyone has a pointer or reference to any tools which might help facilitate this?
I can point you to some tools and references I'm aware of, but I can't talk about how effective they are operationally or whether or not you should abide by or use them.

AbuseHelper
<http://abusehelper.be/>

IETF RFC 5965 An Extensible Format for Email Feedback Reports
<https://tools.ietf.org/html/rfc5965>

IETF RFC 6650 Creation and Use of Email Feedback Reports
<https://tools.ietf.org/html/rfc6650>

Network Abuse Reporting 2.0
<http://www.x-arf.org/>

Net::Abuse::Utils
<http://search.cpan.org/~mikegrb/Net-Abuse-Utils/>

John