Re: [AFMUG] DDoS protection vendor

2017-07-14 Thread Andreas Wiatowski 
I sent a message off list

Cheers,
 
Andreas Wiatowski, CEO
Silo Wireless Inc.
1-866-727-4138 x-600
http://www.silowireless.com 
Wireless | Fibre | VoIP | PBX | IPTV
 
_
The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or privileged information and 
may be legally protected from disclosure. If you are not the intended recipient 
of this message or their agent, or if this message has been addressed to you in 
error, please immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, copying, or storage of this 
message or its attachments is strictly prohibited. 
 

On 2017-07-14, 9:18 PM, "Af on behalf of Dev"  wrote:

Thanks Andreas,

Rough cost or how does their pricing break down? How hard / expensive is 
the setup?

> We implemented Corero.  It works as advertised, all our traffic is 
scrubbed on the fly and only bad traffic is dumped This is at our > > main 
core, 2 separate 10Gbps feeds.  We also have a secondary site with 10Gbps and 
it has a corero as well.  It has allowed us to > sleep at night!

> Cheers,

> Andreas Wiatowski, CEO

> Silo Wireless Inc.

> 1-866-727-4138 x-600

> http://www.silowireless.com 
 
>  Wireless | Fibre | VoIP | PBX | IPTV

Re: [AFMUG] DDoS protection vendor

2017-07-14 Thread Dev 
Thanks Andreas,

Rough cost or how does their pricing break down? How hard / expensive is the 
setup?

> We implemented Corero.  It works as advertised, all our traffic is scrubbed 
> on the fly and only bad traffic is dumped This is at our > > main core, 2 
> separate 10Gbps feeds.  We also have a secondary site with 10Gbps and it has 
> a corero as well.  It has allowed us to > sleep at night!

> Cheers,

> Andreas Wiatowski, CEO

> Silo Wireless Inc.

> 1-866-727-4138 x-600

> http://www.silowireless.com 
 
>  Wireless | Fibre | VoIP | PBX | IPTV

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Mike Hammett 
OOoh, I just thought of a good one... BGP next hops. Those would be good ones 
to get into a black list. :-) 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Travis Johnson" <t...@ida.net> 
To: af@afmug.com 
Sent: Friday, July 14, 2017 4:33:29 PM 
Subject: Re: [AFMUG] DDoS protection vendor? 

We also kept a "whitelist" of IP addresses that could not be blocked. What do 
you expect for $0 and $0 per month? :) 

Travis 



On 7/14/2017 3:21 PM, Mike Hammett wrote: 



Until someone starts spoofing Google's authoritative DNS servers or root DNS 
servers or 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Travis Johnson" <t...@ida.net> 
To: af@afmug.com 
Sent: Friday, July 14, 2017 4:19:05 PM 
Subject: Re: [AFMUG] DDoS protection vendor? 

Hey, 

Back in the day (4 years ago), we used Mikrotik for our main core 
routers. We would allocate a single IP address from each /24 (randomly 
selected) and then we created a rule that any outside IP address that 
even "touched" that IP was added to our Blackhole address list and 
dropped on the incoming interfaces. 

This was a cheap, easy way to stop many, many attacks. Our blackhole 
list often contained 50,000+ IP addresses. 

Travis 


On 7/14/2017 10:59 AM, Andreas Wiatowski wrote: 
> I agree. It solves many problems. We had 1 this year… had to drop a /24 for 
> about 5 minutes. The other option is to BGP cloud scrub… much bigger $. 
> 
> What we have found is that dealing with even small attacks or identified 
> attacks has slowed the frequency and intensity. Regardless, if you’re a 
> target, you’re going to get hurt in today’s day and age. 
> 
> Cheers, 
> 
> Andreas Wiatowski, CEO 
> Silo Wireless Inc. 
> 1-866-727-4138 x-600 
> http://www.silowireless.com <http://www.silowireless.com/> 
> Wireless | Fibre | VoIP | PBX | IPTV 
> 
> _ 
> The contents of this email message and any attachments are intended solely 
> for the addressee(s) and may contain confidential and/or privileged 
> information and may be legally protected from disclosure. If you are not the 
> intended recipient of this message or their agent, or if this message has 
> been addressed to you in error, please immediately alert the sender by reply 
> email and then delete this message and any attachments. If you are not the 
> intended recipient, you are hereby notified that any use, dissemination, 
> copying, or storage of this message or its attachments is strictly 
> prohibited. 
> 
> 
> On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen" 
> <af-boun...@afmug.com on behalf of se...@rollernet.us> wrote: 
> 
> On 7/14/17 09:04, Andreas Wiatowski wrote: 
> > We implemented Corero. It works as advertised, all our traffic is 
> > scrubbed on the fly and only bad traffic is dumped This is at our main 
> > core, 2 separate 10Gbps feeds. We also have a secondary site with 
> > 10Gbps and it has a corero as well. It has allowed us to sleep at night! 
> > 
> 
> 
> I don't see how this would help if an attacker tries to shove 40Gbps 
> down 2x10GbE pipes. 
> 
> ~Seth 
> 
>

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Travis Johnson 
We also kept a "whitelist" of IP addresses that could not be blocked. 
What do you expect for $0 and $0 per month? :)


Travis


On 7/14/2017 3:21 PM, Mike Hammett wrote:
Until someone starts spoofing Google's authoritative DNS servers or 
root DNS servers or




-
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
<https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
Midwest Internet Exchange <http://www.midwest-ix.com/>
<https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
The Brothers WISP <http://www.thebrotherswisp.com/>
<https://www.facebook.com/thebrotherswisp>


<https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>

*From: *"Travis Johnson" <t...@ida.net>
*To: *af@afmug.com
*Sent: *Friday, July 14, 2017 4:19:05 PM
*Subject: *Re: [AFMUG] DDoS protection vendor?

Hey,

Back in the day (4 years ago), we used Mikrotik for our main core
routers. We would allocate a single IP address from each /24 (randomly
selected) and then we created a rule that any outside IP address that
even "touched" that IP was added to our Blackhole address list and
dropped on the incoming interfaces.

This was a cheap, easy way to stop many, many attacks. Our blackhole
list often contained 50,000+ IP addresses.

Travis


On 7/14/2017 10:59 AM, Andreas Wiatowski wrote:
> I agree.  It solves many problems.  We had 1 this year… had to drop 
a /24 for about 5 minutes.  The other option is to BGP cloud scrub… 
much bigger $.

>
> What we have found is that dealing with even small attacks or 
identified attacks has slowed the frequency and intensity. 
 Regardless, if you’re a target, you’re going to get hurt in today’s 
day and age.

>
> Cheers,
>
> Andreas Wiatowski, CEO
> Silo Wireless Inc.
> 1-866-727-4138 x-600
> http://www.silowireless.com <http://www.silowireless.com/>
> Wireless | Fibre | VoIP | PBX | IPTV
>
> _
> The contents of this email message and any attachments are intended 
solely for the addressee(s) and may contain confidential and/or 
privileged information and may be legally protected from disclosure. 
If you are not the intended recipient of this message or their agent, 
or if this message has been addressed to you in error, please 
immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, 
you are hereby notified that any use, dissemination, copying, or 
storage of this message or its attachments is strictly prohibited.

>
>
> On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen" 
<af-boun...@afmug.com on behalf of se...@rollernet.us> wrote:

>
>  On 7/14/17 09:04, Andreas Wiatowski wrote:
>  > We implemented Corero.  It works as advertised, all our 
traffic is
>  > scrubbed on the fly and only bad traffic is dumped This is at 
our main
>  > core, 2 separate 10Gbps feeds.  We also have a secondary site 
with
>  > 10Gbps and it has a corero as well.  It has allowed us to 
sleep at night!

>  >
>
>
>  I don't see how this would help if an attacker tries to shove 
40Gbps

>  down 2x10GbE pipes.
>
>  ~Seth
>
>

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Mike Hammett 
Until someone starts spoofing Google's authoritative DNS servers or root DNS 
servers or 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Travis Johnson" <t...@ida.net> 
To: af@afmug.com 
Sent: Friday, July 14, 2017 4:19:05 PM 
Subject: Re: [AFMUG] DDoS protection vendor? 

Hey, 

Back in the day (4 years ago), we used Mikrotik for our main core 
routers. We would allocate a single IP address from each /24 (randomly 
selected) and then we created a rule that any outside IP address that 
even "touched" that IP was added to our Blackhole address list and 
dropped on the incoming interfaces. 

This was a cheap, easy way to stop many, many attacks. Our blackhole 
list often contained 50,000+ IP addresses. 

Travis 


On 7/14/2017 10:59 AM, Andreas Wiatowski wrote: 
> I agree. It solves many problems. We had 1 this year… had to drop a /24 for 
> about 5 minutes. The other option is to BGP cloud scrub… much bigger $$. 
> 
> What we have found is that dealing with even small attacks or identified 
> attacks has slowed the frequency and intensity. Regardless, if you’re a 
> target, you’re going to get hurt in today’s day and age. 
> 
> Cheers, 
> 
> Andreas Wiatowski, CEO 
> Silo Wireless Inc. 
> 1-866-727-4138 x-600 
> http://www.silowireless.com <http://www.silowireless.com/> 
> Wireless | Fibre | VoIP | PBX | IPTV 
> 
> _ 
> The contents of this email message and any attachments are intended solely 
> for the addressee(s) and may contain confidential and/or privileged 
> information and may be legally protected from disclosure. If you are not the 
> intended recipient of this message or their agent, or if this message has 
> been addressed to you in error, please immediately alert the sender by reply 
> email and then delete this message and any attachments. If you are not the 
> intended recipient, you are hereby notified that any use, dissemination, 
> copying, or storage of this message or its attachments is strictly 
> prohibited. 
> 
> 
> On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen" 
> <af-boun...@afmug.com on behalf of se...@rollernet.us> wrote: 
> 
> On 7/14/17 09:04, Andreas Wiatowski wrote: 
> > We implemented Corero. It works as advertised, all our traffic is 
> > scrubbed on the fly and only bad traffic is dumped This is at our main 
> > core, 2 separate 10Gbps feeds. We also have a secondary site with 
> > 10Gbps and it has a corero as well. It has allowed us to sleep at night! 
> > 
> 
> 
> I don't see how this would help if an attacker tries to shove 40Gbps 
> down 2x10GbE pipes. 
> 
> ~Seth 
> 
>

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Travis Johnson 

Hey,

Back in the day (4 years ago), we used Mikrotik for our main core 
routers. We would allocate a single IP address from each /24 (randomly 
selected) and then we created a rule that any outside IP address that 
even "touched" that IP was added to our Blackhole address list and 
dropped on the incoming interfaces.


This was a cheap, easy way to stop many, many attacks. Our blackhole 
list often contained 50,000+ IP addresses.


Travis


On 7/14/2017 10:59 AM, Andreas Wiatowski wrote:

I agree.  It solves many problems.  We had 1 this year… had to drop a /24 for 
about 5 minutes.  The other option is to BGP cloud scrub… much bigger $$.

What we have found is that dealing with even small attacks or identified 
attacks has slowed the frequency and intensity.  Regardless, if you’re a 
target, you’re going to get hurt in today’s day and age.

Cheers,
  
Andreas Wiatowski, CEO

Silo Wireless Inc.
1-866-727-4138 x-600
http://www.silowireless.com 
Wireless | Fibre | VoIP | PBX | IPTV
  
_

The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or privileged information and 
may be legally protected from disclosure. If you are not the intended recipient 
of this message or their agent, or if this message has been addressed to you in 
error, please immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, copying, or storage of this 
message or its attachments is strictly prohibited.
  


On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen"  wrote:

 On 7/14/17 09:04, Andreas Wiatowski wrote:
 > We implemented Corero.  It works as advertised, all our traffic is
 > scrubbed on the fly and only bad traffic is dumped This is at our main
 > core, 2 separate 10Gbps feeds.  We also have a secondary site with
 > 10Gbps and it has a corero as well.  It has allowed us to sleep at night!
 >
 
 
 I don't see how this would help if an attacker tries to shove 40Gbps

 down 2x10GbE pipes.
 
 ~Seth

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Mike Hammett 
Sure, it won't fix those, but it'll fix all of the smaller ones. :-) 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Seth Mattinen" <se...@rollernet.us> 
To: af@afmug.com 
Sent: Friday, July 14, 2017 11:44:05 AM 
Subject: Re: [AFMUG] DDoS protection vendor? 

On 7/14/17 09:04, Andreas Wiatowski wrote: 
> We implemented Corero. It works as advertised, all our traffic is 
> scrubbed on the fly and only bad traffic is dumped This is at our main 
> core, 2 separate 10Gbps feeds. We also have a secondary site with 
> 10Gbps and it has a corero as well. It has allowed us to sleep at night! 
> 


I don't see how this would help if an attacker tries to shove 40Gbps 
down 2x10GbE pipes. 

~Seth

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Andreas Wiatowski 
I agree.  It solves many problems.  We had 1 this year… had to drop a /24 for 
about 5 minutes.  The other option is to BGP cloud scrub… much bigger $$.

What we have found is that dealing with even small attacks or identified 
attacks has slowed the frequency and intensity.  Regardless, if you’re a 
target, you’re going to get hurt in today’s day and age.

Cheers,
 
Andreas Wiatowski, CEO
Silo Wireless Inc.
1-866-727-4138 x-600
http://www.silowireless.com 
Wireless | Fibre | VoIP | PBX | IPTV
 
_
The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential and/or privileged information and 
may be legally protected from disclosure. If you are not the intended recipient 
of this message or their agent, or if this message has been addressed to you in 
error, please immediately alert the sender by reply email and then delete this 
message and any attachments. If you are not the intended recipient, you are 
hereby notified that any use, dissemination, copying, or storage of this 
message or its attachments is strictly prohibited. 
 

On 2017-07-14, 12:44 PM, "Af on behalf of Seth Mattinen"  wrote:

On 7/14/17 09:04, Andreas Wiatowski wrote:
> We implemented Corero.  It works as advertised, all our traffic is 
> scrubbed on the fly and only bad traffic is dumped This is at our main 
> core, 2 separate 10Gbps feeds.  We also have a secondary site with 
> 10Gbps and it has a corero as well.  It has allowed us to sleep at night!
> 


I don't see how this would help if an attacker tries to shove 40Gbps 
down 2x10GbE pipes.

~Seth

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Seth Mattinen 

On 7/14/17 09:04, Andreas Wiatowski wrote:
We implemented Corero.  It works as advertised, all our traffic is 
scrubbed on the fly and only bad traffic is dumped This is at our main 
core, 2 separate 10Gbps feeds.  We also have a secondary site with 
10Gbps and it has a corero as well.  It has allowed us to sleep at night!





I don't see how this would help if an attacker tries to shove 40Gbps 
down 2x10GbE pipes.


~Seth

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Cassidy B. Larson 
How much do they run?


> On Jul 14, 2017, at 10:04 AM, Andreas Wiatowski  
> wrote:
> 
> We implemented Corero.  It works as advertised, all our traffic is scrubbed 
> on the fly and only bad traffic is dumped This is at our main core, 2 
> separate 10Gbps feeds.  We also have a secondary site with 10Gbps and it has 
> a corero as well.  It has allowed us to sleep at night!
>  
> 
> Cheers,
> Andreas Wiatowski, CEO
> Silo Wireless Inc.
> 1-866-727-4138 x-600
> http://www.silowireless.com  
> >
> Wireless | Fibre | VoIP | PBX | IPTV
> _
> The contents of this email message and any attachments are intended solely 
> for the addressee(s) and may contain confidential and/or privileged 
> information and may be legally protected from disclosure. If you are not the 
> intended recipient of this message or their agent, or if this message has 
> been addressed to you in error, please immediately alert the sender by reply 
> email and then delete this message and any attachments. If you are not the 
> intended recipient, you are hereby notified that any use, dissemination, 
> copying, or storage of this message or its attachments is strictly prohibited.
>  
>  
> On 2017-07-13, 9:22 AM, "Af on behalf of Christopher Tyler" 
>  on behalf of 
> ch...@totalhighspeed.net > wrote:
>  
> We weren't able to find a "cost-effective" solution.
> What we found is that the cost is going to be based on the amount of 
> traffic that you receive as well as the cost for setup and equipment to do 
> the BGP switch for you it was well into the tens of thousands of dollars up 
> front. With four different upstream providers in four separate data centers, 
> the costs for us weren't justifiable.
> A small caveat which wasn't a problem for us since we already do BGP with 
> all of our upstream providers, but if your upstream doesn't do BGP you are 
> out of luck.
> 
> -- 
> Christopher Tyler 
> MTCRE/MTCNA/MTCTCE/MTCWE 
> Total Highspeed Internet Services 
> 417.851.1107
> 
> - Original Message -
> From: "Dev" >
> To: af@afmug.com 
> Sent: Wednesday, July 12, 2017 7:32:53 PM
> Subject: [AFMUG] DDoS protection vendor?
> 
> Who is a good for cost-effective DDoS protection and what are you paying? 
> My upstream really doesn’t now to handle a DDoS, so I’m looking for someone 
> to help with some subnets.
>

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Paul Stewart 
Procera boxes can do some neat tricks as you mention for sure… just be sure you 
don’t topple over the box(es) in doing so though as it’s not hard to do (as 
their boxes are not designed for it so understandable) 

Paul


> On Jul 14, 2017, at 6:42 AM, Steve <li...@wavedirect.org> wrote:
> 
> Procera has some tricks in dealing with DDOS too.  I had one of their 
> engineers send me over some ideas a while back.  I have never needed to use 
> it however. But the one good thing about it was that if something happens 
> you'll see where the target of the DDOS is going pretty fast.  At times it is 
> difficult to find when your routers are overloaded.  
> 
> Steven Kenney
> Network Operations Manager
> WaveDirect Telecommunications
> http://www.wavedirect.net
> (519)737-WAVE (9283)
> 
> - Original Message -
> From: "Simon Westlake" <simon@sonar.software>
> To: "af" <af@afmug.com>
> Sent: Thursday, July 13, 2017 12:29:15 PM
> Subject: Re: [AFMUG] DDoS protection vendor?
> 
> There are companies where you can have them announce your IP space, and 
> they only send you the 'good' traffic. But it costs a hell of a lot more 
> than just upgrading your upstream for most smaller ISPs.
> 
> On 7/13/2017 10:19 AM, Kurt Fankhauser wrote:
>> Is there a way to do DDOS protection that doesn't involve buying a 
>> bigger bandwidth pipe or initiating some sort of blackhole with your 
>> upstream?
>> 
>> On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett <af...@ics-il.net 
>> <mailto:af...@ics-il.net>> wrote:
>> 
>>I'm going to be implementing some on-net scrubbing boxes.
>>Obviously limited by upstream capacity, simply acquire more
>>upstream capacity.  ;-)
>> 
>> 
>> 
>>-
>>Mike Hammett
>>Intelligent Computing Solutions <http://www.ics-il.com/>
>>
>> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
>>Midwest Internet Exchange <http://www.midwest-ix.com/>
>>
>> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
>>The Brothers WISP <http://www.thebrotherswisp.com/>
>><https://www.facebook.com/thebrotherswisp>
>> 
>> 
>><https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
>>
>>*From: *"Dev" <d...@logicalwebhost.com <mailto:d...@logicalwebhost.com>>
>>*To: *af@afmug.com <mailto:af@afmug.com>
>>*Sent: *Wednesday, July 12, 2017 7:32:53 PM
>>*Subject: *[AFMUG] DDoS protection vendor?
>> 
>>Who is a good for cost-effective DDoS protection and what are you
>>paying? My upstream really doesn’t now to handle a DDoS, so I’m
>>looking for someone to help with some subnets.
>> 
>> 
> 
> -- 
> Simon Westlake
> Email: simon@sonar.software
> Phone: (702) 447-1247 US / (780) 900-1180 CA
> ---
> Sonar Software Inc
> The future of ISP billing and OSS
> https://sonar.software

Re: [AFMUG] DDoS protection vendor?

2017-07-14 Thread Steve 
Procera has some tricks in dealing with DDOS too.  I had one of their engineers 
send me over some ideas a while back.  I have never needed to use it however. 
But the one good thing about it was that if something happens you'll see where 
the target of the DDOS is going pretty fast.  At times it is difficult to find 
when your routers are overloaded.  

Steven Kenney
Network Operations Manager
WaveDirect Telecommunications
http://www.wavedirect.net
(519)737-WAVE (9283)

- Original Message -
From: "Simon Westlake" <simon@sonar.software>
To: "af" <af@afmug.com>
Sent: Thursday, July 13, 2017 12:29:15 PM
Subject: Re: [AFMUG] DDoS protection vendor?

There are companies where you can have them announce your IP space, and 
they only send you the 'good' traffic. But it costs a hell of a lot more 
than just upgrading your upstream for most smaller ISPs.

On 7/13/2017 10:19 AM, Kurt Fankhauser wrote:
> Is there a way to do DDOS protection that doesn't involve buying a 
> bigger bandwidth pipe or initiating some sort of blackhole with your 
> upstream?
>
> On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett <af...@ics-il.net 
> <mailto:af...@ics-il.net>> wrote:
>
> I'm going to be implementing some on-net scrubbing boxes.
> Obviously limited by upstream capacity, simply acquire more
> upstream capacity.  ;-)
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> 
> <https://www.facebook.com/ICSIL><https://plus.google.com/+IntelligentComputingSolutionsDeKalb><https://www.linkedin.com/company/intelligent-computing-solutions><https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> 
> <https://www.facebook.com/mdwestix><https://www.linkedin.com/company/midwest-internet-exchange><https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp>
>
>
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> 
> *From: *"Dev" <d...@logicalwebhost.com <mailto:d...@logicalwebhost.com>>
> *To: *af@afmug.com <mailto:af@afmug.com>
> *Sent: *Wednesday, July 12, 2017 7:32:53 PM
> *Subject: *[AFMUG] DDoS protection vendor?
>
> Who is a good for cost-effective DDoS protection and what are you
> paying? My upstream really doesn’t now to handle a DDoS, so I’m
> looking for someone to help with some subnets.
>
>

-- 
Simon Westlake
Email: simon@sonar.software
Phone: (702) 447-1247 US / (780) 900-1180 CA
---
Sonar Software Inc
The future of ISP billing and OSS
https://sonar.software

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Simon Westlake 

You can do one or more of these three options:

Drop packets at the edge, so your internal network doesn't get flooded. 
Only works if your edge routers or scrubbing device can handle the load, 
and your upstream connection is big enough to not be saturated.
Use BGP blackhole communities to have your upstream null route traffic 
destined for a specific IP/subnet. Only works if the target(s) of the 
DDoS are small (e.g. a single customer) and your upstream supports 
blackholing.
Have a third party announce your space, scrub DDoS junk, and forward you 
the rest. Will always work, but typically is 5 figures+ in monthly cost.


Third option is the easiest, and by far the most costly.

On 7/13/2017 3:59 PM, Dev wrote:

Yeah, our issue isn’t internal, and we already buy lots of bandwidth and have 
very capable, very large routers, so unless DDoS protection is upstream before 
it hits us, I don’t think it will work? We can’t reach the upstream network 
when it’s flooded, so I think we’d have to route to some very large network 
upstream from them that could handle this, and they scrub it and send it to us. 
Akamai sounds good but expensive (maybe?), I’ve gotten a couple tips off list, 
so thanks. I don’t know what anyone could do in this case with CCR routers 
alone? Our upstream can do BGP.


There are companies where you can have them announce your IP space, and
they only send you the 'good' traffic. But it costs a hell of a lot more
than just upgrading your upstream for most smaller ISPs.

On 7/13/2017 10:19 AM, Kurt Fankhauser wrote:

Is there a way to do DDOS protection that doesn't involve buying a
bigger bandwidth pipe or initiating some sort of blackhole with your
upstream?

On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett > wrote:

I'm going to be implementing some on-net scrubbing boxes.
Obviously limited by upstream capacity, simply acquire more
upstream capacity.  ;-)


--
Simon Westlake
Email: simon@sonar.software
Phone: (702) 447-1247 US / (780) 900-1180 CA
---
Sonar Software Inc
The future of ISP billing and OSS
https://sonar.software

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Dev 
Yeah, our issue isn’t internal, and we already buy lots of bandwidth and have 
very capable, very large routers, so unless DDoS protection is upstream before 
it hits us, I don’t think it will work? We can’t reach the upstream network 
when it’s flooded, so I think we’d have to route to some very large network 
upstream from them that could handle this, and they scrub it and send it to us. 
Akamai sounds good but expensive (maybe?), I’ve gotten a couple tips off list, 
so thanks. I don’t know what anyone could do in this case with CCR routers 
alone? Our upstream can do BGP.

> There are companies where you can have them announce your IP space, and 
> they only send you the 'good' traffic. But it costs a hell of a lot more 
> than just upgrading your upstream for most smaller ISPs.

On 7/13/2017 10:19 AM, Kurt Fankhauser wrote:
> Is there a way to do DDOS protection that doesn't involve buying a 
> bigger bandwidth pipe or initiating some sort of blackhole with your 
> upstream?
> 
> On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett  > wrote:
> 
>I'm going to be implementing some on-net scrubbing boxes.
>Obviously limited by upstream capacity, simply acquire more
>upstream capacity.  ;-)

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Simon Westlake 
There are companies where you can have them announce your IP space, and 
they only send you the 'good' traffic. But it costs a hell of a lot more 
than just upgrading your upstream for most smaller ISPs.


On 7/13/2017 10:19 AM, Kurt Fankhauser wrote:
Is there a way to do DDOS protection that doesn't involve buying a 
bigger bandwidth pipe or initiating some sort of blackhole with your 
upstream?


On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett > wrote:


I'm going to be implementing some on-net scrubbing boxes.
Obviously limited by upstream capacity, simply acquire more
upstream capacity.  ;-)



-
Mike Hammett
Intelligent Computing Solutions 


Midwest Internet Exchange 


The Brothers WISP 





*From: *"Dev" >
*To: *af@afmug.com 
*Sent: *Wednesday, July 12, 2017 7:32:53 PM
*Subject: *[AFMUG] DDoS protection vendor?

Who is a good for cost-effective DDoS protection and what are you
paying? My upstream really doesn’t now to handle a DDoS, so I’m
looking for someone to help with some subnets.




--
Simon Westlake
Email: simon@sonar.software
Phone: (702) 447-1247 US / (780) 900-1180 CA
---
Sonar Software Inc
The future of ISP billing and OSS
https://sonar.software

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Mike Hammett 
An outsourced service that costs even more than that. ;-) 

It depends on if it's a volumetric attack or a "low and slow" attack. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Kurt Fankhauser" <lists.wavel...@gmail.com> 
To: af@afmug.com 
Sent: Thursday, July 13, 2017 10:19:34 AM 
Subject: Re: [AFMUG] DDoS protection vendor? 


Is there a way to do DDOS protection that doesn't involve buying a bigger 
bandwidth pipe or initiating some sort of blackhole with your upstream? 


On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett < af...@ics-il.net > wrote: 




I'm going to be implementing some on-net scrubbing boxes. Obviously limited by 
upstream capacity, simply acquire more upstream capacity. ;-) 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 






From: "Dev" < d...@logicalwebhost.com > 
To: af@afmug.com 
Sent: Wednesday, July 12, 2017 7:32:53 PM 
Subject: [AFMUG] DDoS protection vendor? 

Who is a good for cost-effective DDoS protection and what are you paying? My 
upstream really doesn’t now to handle a DDoS, so I’m looking for someone to 
help with some subnets.

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Josh Reynolds 
No.

On Jul 13, 2017 10:19 AM, "Kurt Fankhauser" 
wrote:

> Is there a way to do DDOS protection that doesn't involve buying a bigger
> bandwidth pipe or initiating some sort of blackhole with your upstream?
>
> On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett  wrote:
>
>> I'm going to be implementing some on-net scrubbing boxes. Obviously
>> limited by upstream capacity, simply acquire more upstream capacity.  ;-)
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions 
>> 
>> 
>> 
>> 
>> Midwest Internet Exchange 
>> 
>> 
>> 
>> The Brothers WISP 
>> 
>>
>>
>> 
>> --
>> *From: *"Dev" 
>> *To: *af@afmug.com
>> *Sent: *Wednesday, July 12, 2017 7:32:53 PM
>> *Subject: *[AFMUG] DDoS protection vendor?
>>
>> Who is a good for cost-effective DDoS protection and what are you paying?
>> My upstream really doesn’t now to handle a DDoS, so I’m looking for someone
>> to help with some subnets.
>>
>>
>

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Kurt Fankhauser 
Is there a way to do DDOS protection that doesn't involve buying a bigger
bandwidth pipe or initiating some sort of blackhole with your upstream?

On Thu, Jul 13, 2017 at 10:10 AM, Mike Hammett  wrote:

> I'm going to be implementing some on-net scrubbing boxes. Obviously
> limited by upstream capacity, simply acquire more upstream capacity.  ;-)
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions 
> 
> 
> 
> 
> Midwest Internet Exchange 
> 
> 
> 
> The Brothers WISP 
> 
>
>
> 
> --
> *From: *"Dev" 
> *To: *af@afmug.com
> *Sent: *Wednesday, July 12, 2017 7:32:53 PM
> *Subject: *[AFMUG] DDoS protection vendor?
>
> Who is a good for cost-effective DDoS protection and what are you paying?
> My upstream really doesn’t now to handle a DDoS, so I’m looking for someone
> to help with some subnets.
>
>

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Mike Hammett 
I'm going to be implementing some on-net scrubbing boxes. Obviously limited by 
upstream capacity, simply acquire more upstream capacity. ;-) 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 




- Original Message -

From: "Dev"  
To: af@afmug.com 
Sent: Wednesday, July 12, 2017 7:32:53 PM 
Subject: [AFMUG] DDoS protection vendor? 

Who is a good for cost-effective DDoS protection and what are you paying? My 
upstream really doesn’t now to handle a DDoS, so I’m looking for someone to 
help with some subnets.

Re: [AFMUG] DDoS protection vendor?

2017-07-13 Thread Dennis Burgess 
WE can do DDOS protection on CCRs, just shoot us a call and we can talk. 


Dennis Burgess – Network Solution Engineer – Consultant 
MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequency Coverages: www.towercoverage.com 
Office: 314-735-0270
E-Mail: dmburg...@linktechs.net 

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dev
Sent: Wednesday, July 12, 2017 7:33 PM
To: af@afmug.com
Subject: [AFMUG] DDoS protection vendor?

Who is a good for cost-effective DDoS protection and what are you paying? My 
upstream really doesn’t now to handle a DDoS, so I’m looking for someone to 
help with some subnets.