Distributed denial of service attacks are easy to launch these days. The question is, how do you defend your infrastructure against such attacks? So much of them, so little of you.
That’s why today’s entry in our Design & Build series focuses on DDoS mitigation strategy.
Our guests are Rich Groves and Eric Chou, both of whom have their fair share of DDoS mitigation scars from the work they have done in this space.
Rich Groves is Director of R&D at A10 Networks, and Eric Chou is Principal Engineer at A10. Yes, both guests are from a vendor, but this is not a sponsored show.
The Packet Pushers and Rich and Eric discuss what a DDoS attack might look like from the perspective of a provider, cloud service, and enterprise, and then dive into major principles for mitigation.
We also discuss filtering, mitigation appliances, scrubbing services, the use of BGP Flowspec, and best practices for surviving an attack.
Dispersing a DDoS – Rule 11 Reader
Scrubbing a DDoS – Rule 11 Reader
PQ Show 78: BGP Flowspec For DoS Mitigation – Packet Pushers
Microsoft Digital Crimes Unit – Microsoft
DCU Take Down of Dorkbot botnet – Microsoft
A10 Networks Threat Protection System for DDoS Mitigation – A10 Networks
Sign up for A10 DDoS research related news – A10 Networks (Note: the confirmation email will come from Network Automation Nerds)
FastNetMon DDoS Detection Tool (Community open source version available)
CloudFlare Blogs on DDoS – CloudFlare
DDoS Open Threat Signaling – IETF
Network Security Research Lab 360 – NetLab
Kentik Cloud-Based DDoS Detection – Kentik
Big Switch BigSecure Architecture – Big Switch
Public Cloud DDoS Protection:
Azure DDoS Protection Preview – Azure
Amazon Shield – Amazon