How do you guys deal with ddos on your networks?
I'm talking out of the blue random ddos that just saturates our uplink.
We're a hosting provider, we were thinking about increasing our uplink but we're worried that they'll just saturate that as well
Server hosting, dedicated, vps, shared etc
We're at 1 gigabit now, thinking about going to 10 gigabit
We were also thinking about adding a transparent firewall in front of the network like an ASA, but we're worried that it won't do much if the line is saturated
At this point I can't even tell how big the attack is, all we know is that it was enough to saturate the 1 gigabit line
You need to get your transit provider to null route the attacked IPs
The easiest way to do that is to see if they will do that via bgp communities
I think they've started attacking our router's IP, usually we see an increase in traffic on one of our cabinet switches when this happens but recently we don't see that.
Or pay for a fuckton of hardware that can clean ddos
U bgp null using communities, usually :666
we don't have a cisco router at this time
Onefst250r: if they can saturate the uplink.
Nobit: is the router cpu spiking like crazy?
Xous, not sure, I'll add a monitor for that on our prtg
We haven't had another attack yet since I set up the sflow with prtg
Is 10 gigabit sufficient for an upgrade or should we look at a larger uplink?
You implement proper control plane protection on the router?
I'm just barely finishing up my CCNA this month, I don't quite know what control plane protection is.
The most cost effective way to deal with this is to get your upstream to null route it
So see if they will let you null your own shit via bgp
Best way to deal with it is use your upstream's communities to filter it
Ok, I just need to determine the source IPs at this point.
Ahh ok.
By the time a DOS or DDOS is at your router it's too late.
Then you're not contingent on them doing it
If they're attacking a router IP, null routing that would be bad, no? So I need to figure out what they're attacking
We have many router IPs, it would just stop a /24 in our network
Nobit: it's still using your bandwidth, and your router could still be in pain, and your traffic may be blocked
Fyi, ssh logins to routers work after removing "diffie-hellman-group-exchange-sha1" from "KexAlgorithms" (on the client side)
I guess it is better than having the entire network down
You can prevent attacks against infrastructure as well
Nobit: would it help to put a hole in the bottom of your car, if we put a firehose in the window of your car?
Jamesd, are you talking about the effectiveness of a null route in that analogy?
Nobit: I'm talking about anything you do on your side that still results in the DOS or DDOS traffic hitting your router instead of having your ISP take care of the issue. They have more bandwidth than you, and they won't charge you for traffic that doesn't hit your network
Can sflow provide me with that information as well?
Let's say they are attacking one of my router IPs, what is the best way to determine which one is receiving the attack?
Or sflow or whatever the Brocade shit is
But yeah it will prevent attacks against the infrastructure
Nobit: give your router interfaces rfc 1918 addresses, they will still forward packets and can't be attacked
Larger providers use a /24 for infrastructure and don't announce it