Thursday, February 14, 2019

DDoS - Enterprise Provider & Branch Office

So we have a site with Comcast (enterprise fiber, 100 Mbps) that has been having issues for a while now. After really digging into things, I firmly believe we are on the receiving end of intermittent DDoS attacks. Sometimes it's every few days, sometimes it may go 2-3 weeks without an issue. Luckily we have LTE backup so I can get in and take a look while things are going on. I always see the downstream totally saturated on the WAN side of my firewall, but that traffic is not getting passed to the LAN, which tells me it is not any client requesting traffic. I am sure the attack is higher than 100 Mbps, but obviously that is all we can see since that maxes out our circuit.

This site has a smaller routed IP subnet from Comcast, no BGP. So even if we wanted to, we could not do a filtering service from a 3rd party. Any on-site appliance would not help, from my understanding, since by the time it hits us our circuit is maxed and thus the damage is done.

I sent a note out to one higher-level Comcast contact and didn't really get anywhere, besides them talking about possibly trying to sell us DDoS protection.

We have over 130+ sites, and I have seen maybe 2 attacks over the past 10 years, single incidents each time, maybe lasting less than an hour in total. This is the only site that has ever had ongoing issues.

I plan on getting all my data together and just opening a ticket to see what they say and whether there is perhaps any upstream filtering they could do.

Anyone have any experience with this?


