I'm looking at a site named the "digital attack map" (dot com). There's one attack that lists an attack at some near 80 Gbps inbound. ( Clip Cap at http://screencast.com/t/M59qmJhcWSW )

Some questions. Maybe I've just been lucky... but,

A) /Seriously/ ? 80 Gbps ?

B) Other than dropping routes / changing DNS and "filtering at the borders" are there controls that operators employ that help mitigate multi-Gbps attacks?

I understand if - by the nature of talking about it, 'we' give attackers insight, so I'm willing to entertain private discussions; However, this seems to be a semi appropriate place as a catalyst.

I'd be interested in a discussion, a ML, or resources that any people can provide, via this list or off list.

-jamie

--
jamie rishaw // .com.arpa@j <- reverse it. ish.
*"Reality defeats prejudice."* - *Rep. Barney Frank*

On Oct 22, 2013, at 8:19 AM, "jamie rishaw" <j@arpa.com> wrote:

> A) /Seriously/ ? 80 Gbps ?

100gb/sec+ DDoS attacks have been seen for the last 3 years or more - 80gb/sec isn't that rare, unfortunately. Most (but not all) of these very high-bandwidth DDoS attacks are DNS, SNMP, ntp, or game-server reflection/amplification attacks.

> B) Other than dropping routes / changing DNS and "filtering at the borders" are there controls that operators employ that help mitigate multi-Gbps attacks?

S/RTBH, shutting down links, cooperative multi-operator mitigation, BCP38/84, etc.

---------------------------------
Roland Dobbins <rdobbins@arbor.net>