Dan, If you are using sFlow for your measurements, then you might want to take a look sFlow-RT for DDoS mitigation. The following case study describes how sFlow and null routing are being used to mitigate flood attacks: http://blog.sflow.com/2013/03/ddos.html The analytics engine will detect flood attacks in less than a second and you can use the embedded scripting API to initiate automated responses. The following articles contain basic DDoS mitigation scripts - you just need to replace the block() and allow() functions with calls to expect scripts, OpenFlow rules, or REST API calls - whatever makes sense in your environment. http://blog.sflow.com/search/label/DoS This is a commercial product, but it's free to try out (no registration required): http://inmon.com/products/sFlow-RT.php Cheers, Peter On Wed, Dec 18, 2013 at 8:36 AM, Dan White <dwhite@olp.net> wrote:
Can anyone recommend a vendor solution for DDOS mitigation? We are looking for a solution that detects DDOS attacks from sflow information and automatically announces BGP /32 blackhole routes to our upstream providers, or a similar solution.
Thank You.
On 08/05/13 21:09 +1000, Ahad Aboss wrote:
Scott,
Use a DDOS detection and mitigation system with DPI capabilities to deal with traditional DDOS attack and anomalous behaviour such as worm propagation, botnet attacks and malicious subscriber activity such as flooding and probing. There are only a few vendors who successfully play in this space who provide a self healing/self defending system.
Cheers Ahad -----Original Message----- From: sgraun@airstreamcomm.net [mailto:sgraun@airstreamcomm.net] Sent: Friday, 2 August 2013 11:37 PM To: nanog@nanog.org Subject: ddos attacks
I’m curious to know what other service providers are doing to alleviate/prevent ddos attacks from happening in your network. Are you completely reactive and block as many addresses as possible or null0 traffic to the effected host until it stops or do you block certain ports to prevent them. What’s the best way people are dealing with them?
Scott
-- Dan White