Cool Ideas down

Depends on how big your pipe is for scrubbing when you get a volumetric attack and have to BGP traffic. In your terms / at your company what is DDOS (i.e. sustained attack-throughput per sec)?

Let's just say the pipe is sufficiently big that the botnet's own ISP blocks them at some point.
E.g. they are DDoSing their own ISP(s).
 
Looks like a DNS provider went down and not them. Try again?

PS: The attack was contained very quickly, so I wouldn't count it as successful.

They were down. That is the fact. It does not matter if it was for minutes or hours, the attack did succeed. Of course they will target the weakest link. It's common sense.
 
True, DJ, but I am sure you will agree that if the attack becomes very large, no ISP can stop it.

The larger it is the easier for your mitigation systems to pick it up, if you have deployed auto-mitigation over your network. Also, the easier it is to identify traffic signatures and isolate the attack vectors if need be. It's more sophisticated attacks that typically hit hard and there have been a lot of them of late targeting us ISPs...
 
I trust your knowledge on this, and agree you can mitigate some risks against DDoS, but if they want to take you down, I am sure they will.
 
They tried with us for 5 straight days up until yesterday. So far have a list of around 85,000 unique IPs with some serious traffic volumes. Has been an interesting few days. This happens to ISPs more often than I think anyone would believe...
 
Given it's both you and CISP, think maybe it's actually targeted at IS?
 
Well, ours wasn't directed at IS, no. And IS has some beefy mitigation of their own in place. I cannot speak for CISP nor speculate...
 
Nah, wasn't targeted at IS, we had the attack coming in via Seacom or IS depending on which way we weighted the traffic. This was a very targeted attack and was from more than 47000 hosts on 100s of networks. In a lot of DDoS attacks you can narrow down via source AS and just kill off that portion or network, as it's limited to an infected network or two. Notify the management of that network and off you go. This attack came from 100s of networks and ASes, so it was a vulnerability attack (a common hosted service with a vulnerability that gets exploited to create this kind of flood). Which makes it very difficult to mitigate and control automatically as per DJ.
 
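The source-AS triage described in the last post, as an added example that is not part of the original thread: it groups attack flows by origin AS and reports how few ASes carry 80% of the traffic, which is what separates a flood you can cut off at one or two networks from one spread across many. The prefix table, flow samples, 80% threshold and function names are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-origin-AS table (documentation prefixes, private-use
# ASNs); in practice this would come from a BGP table or routing registry dump.
PREFIX_TO_AS = {
    "198.51.100.0/24": 64500,
    "203.0.113.0/25": 64501,
    "203.0.113.128/25": 64502,
    "192.0.2.0/24": 64503,
}
_TABLE = sorted(((ipaddress.ip_network(p), a) for p, a in PREFIX_TO_AS.items()),
                key=lambda e: e[0].prefixlen, reverse=True)

def origin_as(ip):
    """Longest-prefix match of a source IP against the table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    for net, asn in _TABLE:
        if addr in net:
            return asn
    return None

def bytes_per_as(flows):
    """Sum attack bytes per origin AS from (src_ip, byte_count) flow records."""
    totals = Counter()
    for src, nbytes in flows:
        totals[origin_as(src)] += nbytes
    return totals

def ases_to_cover(totals, share=0.8):
    """Smallest set of ASes (largest first) carrying `share` of the bytes."""
    goal, acc, picked = share * sum(totals.values()), 0, []
    for asn, nbytes in totals.most_common():
        if acc >= goal:
            break
        picked.append(asn)
        acc += nbytes
    return picked

# Constructed samples: one flood dominated by a single network, one spread evenly.
CONCENTRATED = [("198.51.100.7", 9000), ("198.51.100.9", 8000),
                ("203.0.113.5", 500), ("192.0.2.44", 500)]
DISTRIBUTED = [("198.51.100.7", 1000), ("203.0.113.5", 1000),
               ("203.0.113.200", 1000), ("192.0.2.44", 1000)]

if __name__ == "__main__":
    for name, flows in (("concentrated", CONCENTRATED), ("distributed", DISTRIBUTED)):
        print(name, ases_to_cover(bytes_per_as(flows)))
```

A short list from `ases_to_cover` means filtering or notifying a handful of source networks is practical; a list nearly as long as the set of observed ASes matches the widely distributed case the post describes.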