There aren't very many ways to combat DDOS. That's why it's so popular. Some ISP's partner with a company that offers a tunnel based scrubbing service where they DPI all your traffic before they send it to you. If you only have a few upstreams it may be helpful to you. I spoke to them last year but we have too many links and too many blocks to use it. I think the name of the company was prolexic. They're also a L3 VAR if you have L3 links. There isn't alot of BGP (AFAIK) magic that doesn't involve cutting someone off to save the rest of your customers.
2012/2/5 Ray Gasnick III <rgasn...@milestechnologies.com> > We just saw a huge flux of traffic occur this morning that spiked one of > our upstream ISPs gear and killed the layer 2 link on another becuase of a > DDoS attack on UDP port 80. > > > > Wireshark shows this appears to be from a compromised game server (call of > duty) with source IPs in a variety of different prefixes. > > > > Only solution thus far was to dump the victim IP address in our block into > the BGP Black hole community with one of our 2 providers and completely > stop advertising to the other. > > > > Anybody see this recently and have any tips on mitigation, reply on or > off list. > > > > Thank You, > > Ray Gasnick III > CISSP, Technology Specialist: Network Security & Infrastructure > Miles Technologies > www.milestechnologies.com<http://www.milestechnologies.com/> > > Phone: (856) 439-0999 x127 > Direct: (856) 793-3821 > How am I doing? Email my manager at itmana...@milestechnologies.com > <mailto:itmana...@milestechnologies.com> > > Computer Networking – IT Support – Business Software – Website Design – > Online Marketing & PR > > >
