Tough to find out who is creating the issue....our edge can't handle the flood.
Cheers, ______________________________ Andreas Wiatowski | CEO Silo Wireless Inc. Email andr...@silowireless.com 19 Sage Court Brantford, Ontario N3R 7T4 (CANADA) Tel +1.519.449.5656 Extension-600|Fax +1.519.449.5536 |Toll Free +1.866.727.4138 -----Original Message----- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Seth Mattinen Sent: Friday, April 15, 2016 11:24 AM To: af@afmug.com Subject: Re: [AFMUG] Procera CG NAT On 4/15/16 8:15 AM, Andreas Wiatowski wrote: > So what are people doing to do CGN and get around DDOS to a single IP? > We have been doing it on the edge, but the minute a single subscriber > gets attacked we have network impact….. there is no way to suppress, > my understanding is that if we moved the edge onto the Procera, it can > distinguish traffic and suppress an attack. > > As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps > attacks…we have changed the natted address to get around, but even > then we sometimes have the attack follow to the new address. > > This is becoming a nightmare to manage. If only I could give every > customer a public! > Many times it's related to online gaming. Have you tried identifying xbox/ps users and making them NAT from a separate IP than your non-gaming customer to see if it follows them? ~Seth