Way overdue! In the last 4 weeks, I've had at least 20 diff conversations
with FSI Network operators re: BGP hijacking, how to detect and in the
future, mitigate with higher levels of success. Come on BGP RPKI/ROA
adaption. I found the easiest way is via ISP pressure to implement dropping
invalid r
Any one else seeing this? Hearing some isolated events across different
industry segments. If you are, can you provide any TTPs?
https://www.arbornetworks.com/blog/asert/rio-olympics-take-gold-540gbsec-sustained-ddos-attacks/
I've used SP Peakflow before and I have my opinions. With all the
intelligence out there about DDoS attacks, DDoS attackers, DDoS tools and
techniques this article leaves me with ton's of questions.
I
To Ramy,
Thank you for the acknowledgement. DDoS Mitigation service providers,
regardless if its pure cloud, hybrid cloud, or CPE only, all face these
challenges when it comes to DDoS Attacks.
Can you restate your question again or rephrase it for the forum? Seems
there is some confusion or maybe
when under load?
>
>
> I typically protect the BGP session by policing all traffic being
> delivered to the remote end except for BGP. Using this posture, my BGP
> session over GRE are stable; even under attack.
>
> Kenneth
>
> On Jun 30, 2015, at 01:37 PM, Dennis B wrot
which deems wide
opinion. Specifically, use-cases about how to apply defense in depth
logically in the DC vs Hybrid vs Pure Cloud.
Good topic, already some back-chatter personal opinions from Nanog lurkers!
Regards,
Dennis B.
On Tue, Jun 30, 2015 at 2:45 PM, Roland Dobbins wrote:
>
> On
Depends on what performance considerations you are trying to address,
technically.
The question is how can we guarantee the GRE/BGP performance (control
traffic) during the time between detection and mitigation?
GRE decapsulation?
IE: Hardware vs Software?
Routing of the Protocol over the interne
The default TTL should be 300 secs, esp with everyone switching A records
to cloud providers, imho.
That way, who ever is the SOA and the zone master, can update it based on
design scale or sla of that provider.
DNS needs a protocol refresh anyways.
Dennis B.
On Apr 16, 2014 7:30 PM, "
8 matches
Mail list logo