Wednesday, May 8, 2019

How to protect against L3 Targetted DDoS?

Suppose I have two 1Gb internet links from two different ISPs. The IP addresses (which are made up) are 11.0.0.1/25 and 12.0.0.1/25. Somebody decides to DDoS bot of these ranges and our ISPs can offer no protection. We can't redirect the attacks to a cloud scrubbing centre with DNS, because the attackers are specifically blasting our IP space.

How do we fix/engineer our way out of the situation? Open to all ideas, apart from buying bigger pipes.



No comments:

Post a Comment