01-05-2017 02:01 PM
How can we protect our network traffic from DDoS attacks and control alarming traffic with the same IP address trying to flood the internet? Can Brocade MLXe4 and CER routers help control high-volume traffic, like sFlow or sniffers?
See the email from our ISP related to this issue below:
Hi, we don't have a way to send announcements for IP addresses that are participating in DDoS activities.
The group that your IP was part of was over 15,000 IPs.
When we see a DDOS against a client, automation kicks in to limit the bad actors / attackers.
We also take specific data feeds from other sources that we trust when there are larger attacks.
In general, each ISP should make sure that their customers are NOT participating in such activities.
They should make sure that they don't have Open DNS resolvers facing the public internet.
That they don't have NTP servers that are not properly secured.
There are plenty of tools and services that can help provide this information to your NOC folks.
You might want to subscribe to the Shadowserver project.
Keep in mind we DO NOT block based on "unapproved sites" ergo what the site is or does.
We block based on high volume of abusive traffic that is actively hurting another user of the general internet.
Lawrence Benally, Network Administrator
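
As an added example (not part of the original post or the ISP's email), the following Python sketch shows one way a NOC could look through exported flow records for internal hosts that behave like the open DNS resolvers or unsecured NTP servers the email warns about. It assumes the sFlow samples have already been decoded into tuples and scaled by the sampling rate; the record layout, the `192.0.2.0/24` internal prefix, the thresholds and all sample flows are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: documentation prefix standing in for our own address space.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# UDP source ports whose replies are commonly abused for reflection.
REFLECTOR_PORTS = {53: "dns", 123: "ntp"}

# Constructed flow records: (src, sport, dst, dport, proto, bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 53, "198.51.100.7", 41000, "udp", 4000),
    ("192.0.2.10", 53, "198.51.100.8", 41001, "udp", 4000),
    ("192.0.2.10", 53, "203.0.113.9", 41002, "udp", 4000),
    ("192.0.2.30", 123, "198.51.100.7", 50000, "udp", 48000),
    ("192.0.2.30", 123, "203.0.113.5", 50001, "udp", 48000),
    ("192.0.2.30", 123, "203.0.113.6", 50002, "udp", 48000),
    ("192.0.2.40", 40000, "198.51.100.53", 53, "udp", 80),    # client query
    ("192.0.2.50", 53, "203.0.113.9", 41500, "udp", 200),     # small, one peer
    ("192.0.2.20", 123, "192.0.2.40", 123, "udp", 90000),     # internal only
]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_reflectors(flows, min_bytes=10000, min_dests=3):
    """Return (host, service, bytes, distinct_external_dests) for internal
    hosts answering many external peers from a DNS or NTP source port."""
    stats = defaultdict(lambda: {"bytes": 0, "dests": set()})
    for src, sport, dst, _dport, proto, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        # Only replies leaving our network towards the internet matter here.
        if not is_internal(src) or is_internal(dst):
            continue
        entry = stats[(src, REFLECTOR_PORTS[sport])]
        entry["bytes"] += nbytes
        entry["dests"].add(dst)
    return sorted(
        (src, svc, s["bytes"], len(s["dests"]))
        for (src, svc), s in stats.items()
        if s["bytes"] >= min_bytes and len(s["dests"]) >= min_dests
    )

if __name__ == "__main__":
    for host, svc, nbytes, dests in find_reflectors(SAMPLE_FLOWS):
        print(f"{host} {svc} bytes={nbytes} external_peers={dests}")
```

Hosts flagged this way are candidates for restricting recursion or NTP queries to internal clients, or for filtering at the edge routers.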