On 10/29/2015 08:54 AM, Hugo Slabbert wrote:
On Thu 2015-Oct-29 08:42:31 -0700, Mike
<mike-na...@tiedyenetworks.com> wrote:
Hello,
Is there any DDoS mitigation service provider that can scrub
traffic for an ISP network? I have an ASN and BGP and my own
netblocks, and I have a 1gbps pipe. I was thinking the scenario would
be during attack, we could bring up a tunnel and run bgp over it and
advertise some portion of our ip space thru it. I realise getting it
setup while attack is taking place would be a little hard and that we
likely could expect at least some down time. What we have seen so far
has been reflection attacks (dns and ssdp) and we have been able to
do rate limiting on these and other protocols to sane values. This
has worked well, although the primary risk is once the traffic flow
exceeds the link capacity such limiting won't have any net effect.
But if we could farm this out during times of trouble to a mitigation
services provider, they could advertise our block(s) and rate limit
and scrub for us and send us the result, it would be a far better
than what we have now (which is effectively nothing). I asked
cloudflare this and they stated they are focused on web traffic. My
upstream can't help me, doesn't support RTBH and won't install
filters anyways unless it's impacting THEIR network. Just wondering
if anyone has any other ideas (short of ditching my provider, which I
also can't do due at this time due to lack of competitive choice).
Mike-
In no particular order:
- Prolexic (Akamai)
- Arbor Networks
- Staminus
- Black Lotus
- Incapsula
- Radware
This is not an endorsement for any of the above.
Alternatively: http://lmgtfy.com/?q=ddos+protection
Actually I did the google thing first and followed up with several of
the top results, and not once did I see anyone offering a bgp tunnel +
scrub which is why I asked. I did get some good off list responses
however, thanks all.
Mike-
