On 4/15/16 8:15 AM, Andreas Wiatowski wrote:
So what are people doing to do CGN and get around DDOS to a single IP?
We have been doing it on the edge, but the minute a single subscriber
gets attacked we have network impact….. there is no way to suppress, my
understanding is that if we moved the edge onto the Procera, it can
distinguish traffic and suppress an attack.
As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps
attacks…we have changed the natted address to get around, but even then
we sometimes have the attack follow to the new address.
This is becoming a nightmare to manage. If only I could give every
customer a public!
Many times it's related to online gaming. Have you tried identifying
xbox/ps users and making them NAT from a separate IP than your
non-gaming customer to see if it follows them?
~Seth
