DDOS Solutions

icecream-guy · August 14, 2022, 06:33:22 AM

what type DDOS solution do you have in place ?

we have Radware DefensePro, but configuration is complex and support is not all that great.

what tool do you use to know how much bandwidth a site uses on a regular basis, or how many TCP connections on average?

This type of knowledge is needed to properly set the Radware configuration, right now it is a best guestimate.

Otanx · August 15, 2022, 09:59:01 AM

Our providers offer a remote triggered black hole service that we have configured, and even test on occasion. This lets us use BGP to advertise /32 routes from our address block to them to be black holed on their side. That effectively makes the DoS attack successful, but will save adjacent services that rely on the same upstream links. They also offer scrubbing services, but we have never had to use them. <knock on wood>.

Simple SNMP graphs should get you bandwidth pretty easily. Of course it takes time to get a good measurement. For TCP Connections you would probably need Netflow.

-Otanx

deanwebb · August 15, 2022, 12:47:50 PM

Cloudflare, but I'm not the admin. It's a set-and-forget small business solution in place.

icecream-guy · August 15, 2022, 02:12:12 PM

Quote from: Otanx on August 15, 2022, 09:59:01 AM

Simple SNMP graphs should get you bandwidth pretty easily. Of course it takes time to get a good measurement. For TCP Connections you would probably need Netflow.

-Otanx

ahh netflow, we have that, tools team runs it, another silo disaster where one team does not talk to the other. will need to engage them.

DDOS Solutions

icecream-guy

Otanx

deanwebb

icecream-guy