Often it's an argument in some sort of online game or a poor loser.
----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com ----- Original Message ----- From: "Mehmet Akcin" <meh...@akcin.net> To: "Frank Bulk" <frnk...@iname.com> Cc: nanog@nanog.org Sent: Saturday, September 19, 2015 3:09:47 PM Subject: Re: DDoS auto-mitigation best practices (for eyeball networks) How does he/she become target? How does IP address gets exposed? I guess simplest way is to reboot modem and hope to get new ip (or call n request) Mehmet > On Sep 19, 2015, at 12:54, Frank Bulk <frnk...@iname.com> wrote: > > Could the community share some DDoS auto-mitigation best practices for > eyeball networks, where the target is a residential broadband subscriber? > I'm not asking so much about the customer communication as much as > configuration of any thresholds or settings, such as: > - minimum traffic volume before responding (for volumetric attacks) > - minimum time to wait before responding > - filter percentage: 100% of the traffic toward target (or if volumetric, > just a certain percentage)? > - time before mitigation is automatically removed > - and if the attack should recur shortly thereafter, time to respond and > remove again > - use of an upstream provider(s) mitigation services versus one's own > mitigation tools > - network placement of mitigation (presumably upstream as possible) > - and anything else > > I ask about best practice for broadband subscribers on eyeball networks > because it's different environment than data center and hosting environments > or when one's network is being used to DDoS a target. > > Regards, > > Frank >
