Ditto - we've been seeing average attack size pushing the 40-50 Gbps mark. The "serious" attacks are much, much larger.
On Sat, Jan 10, 2015 at 8:50 PM, Ammar Zuberi <am...@fastreturn.net> wrote: > I'd beg to differ on this one. The average attacks we're seeing are double > that, around the 30-40g mark. Since NTP and SSDP amplification began, we've > been seeing all kinds of large attacks. > > Obviously, these can easily be blocked upstream to your network. Hibernia > Networks blocks them for us. > > Ammar > > > On 11 Jan 2015, at 8:37 am, Paul S. <cont...@winterei.se> wrote: > > > > While it indeed is true that attacks up to 600 gbit/s (If OVH and > CloudFlare's data is to be believed) have been known to happen in the wild, > it's very unlikely that you need to mitigate anything close. > > > > The average attack is usually around the 10g mark (That too barely) -- > so even solutions that service up to 20g work alright. > > > > Obviously, concerns are different if you're an enterprise that's a DDoS > magnet -- but for general service providers selling 'protected services,' > food for thought. > > > >> On 1/11/2015 午後 12:48, Damian Menscher wrote: > >>> On Thu, Jan 8, 2015 at 9:01 AM, Manuel Marín <m...@transtelco.net> > wrote: > >>> > >>> I was wondering what are are using for DDOS protection in your > networks. We > >>> are currently evaluating different options (Arbor, Radware, NSFocus, > >>> RioRey) and I would like to know if someone is using the cloud based > >>> solutions/scrubbing centers like Imperva, Prolexic, etc and what are > the > >>> advantages/disadvantages of using a cloud base vs an on-premise > solution. > >>> It would be great if you can share your experience on this matter. > >> On-premise solutions are limited by your own bandwidth. Attacks have > been > >> publicly reported at 400Gbps, and are rumored to be even larger. If you > >> don't have that much network to spare, then packet loss will occur > upstream > >> of your mitigation. Having a good relationship with your network > >> provider(s) can help here, of course. > >> > >> If you go with a cloud-based solution, be wary of their SLA. I've seen > >> some claim 100% uptime (not believable) but of course no refund/credits > for > >> downtime. Another provider only provides 20Gbps protection, then will > >> null-route the victim. > >> > >>> On Sat, Jan 10, 2015 at 4:19 PM, Charles N Wyble <char...@thefnf.org> > wrote: > >>> > >>> Also how are folks testing ddos protection? What lab gear,tools,methods > >>> are you using to determine effectiveness of the mitigation. > >> > >> Live-fire is the cheapest approach (just requires some creative > trolling) > >> but if you want to control the "off" button, cloud VMs can be tailored > to > >> your needs. There are also legitimate companies that do network stress > >> testing. > >> > >> Keep in mind that you need to test against a variety of attacks, against > >> all components in the critical path. Attackers aren't particularly > >> methodical, but will still randomly discover any weaknesses you've > >> overlooked. > >> > >> Damian > > >
