http://www.andrisoft.com/software/wanguard/ddos-mitigation-protection
https://bitbucket.org/tortoiselabs/ddosmon https://github.com/FastVPSEestiOu/fastnetmon I have no idea if any of them actually work. On 11/08/2014 05:10 PM, Eric C. Miller wrote: > Today, we experienced (3) separate DDoS attacks from Eastern Asia, all > generating > 2Gbps towards a single IP address in our network. All 3 attacks > targeted different IP addresses with dst UDP 19, and the attacks lasted for > about 5 minutes and stopped as fast as they started. > > Does anyone have any suggestions for mitigating these type of attacks? > > A couple of things that we've done already... > > We set up BGP communities with our upstreams, and tested that RTBH can be set > and it does work. However, by the time that we are able to trigger the black > hole, the attack is almost always over. > > For now, we've blocked UDP 19 incoming at our edge, so that if future, > similar attacks occur, it doesn't affect our internal links. > > What I think that I need is an IDS that can watch our edge traffic and > automatically trigger a block hole advertisement for any internal IP > beginning to receive > 100Mbps of traffic. A few searches are initially > coming up dry... > > > > Eric Miller, CCNP > Network Engineering Consultant > (407) 257-5115 > > >
