Friday, August 9, 2019

DDoS on AXTEL Mexico

I'm putting the name of the ISP just in case anyone knows the actual ISP and has more insight into it.

So, TL;DR: I was DDoSed at my small business and have no internet access; I'm trying to find out if there's a permanent solution that doesn't involve tunneling my traffic through another ISP.

If the mods think this doesn't belong in /r/networking, I would appreciate it if you could help me find its correct location. Purpose of the post: get advice or a solution.

Here's the long story:

So, my setup: a small business network with approximately 80~90 network nodes, with an HP DL380 G6 server acting as a router with pfSense installed on it. Two incoming ISP providers, both fiber optic: first, AXTEL, working with the ONT in Layer 2 so the server gets provisioned with a DHCP IP directly; second, TELMEX, working with the ONT as a router so the server is on a 2-IP private network with the router and with DMZ pointing towards the server.

A couple of weeks back I got DDoS'ed on the main connection (AXTEL), and for some reason the ISP's reaction to all the incoming traffic is to blacklist my IP in their network. So, I still get provisioned with an IP, but I can't connect to the internet past what I'm assuming is one of the main gateways in my zone. I can still connect to local IPs (like, up to 8 km in radius from my location: if I have a neighbor who uses the same ISP and I ping his IP, I have connectivity to it), but nothing on the "real" internet.

I use the secondary ISP to actually have internet on the site, but the second one has no fixed IP and it keeps changing, so reconfiguring DNS and cPanel and other stuff in our network every 10 or so hours when the IP changes is very impractical.

The attack I received was a flood of what I'm assuming was only network header data (like ACK or something like that) that used up all my 200 Mbps of internet. So, yeah, the firewall was OK dropping all of that stuff, but it still blocked my internet.

My first solution was to create a VPN tunnel to another server I have in the US and pass all my network traffic through that server, so the incoming DDoS was mitigated by the datacenter's infrastructure and that server's firewall and never reached me. The problem with this is that my latency to the internet of 15~30 ms goes to trash, all the way up to 95 ms.

So, people from Networking, is there a way to protect myself against these attacks that doesn't require me to ask my ISP for help (since they have made it clear that they won't help) and preferably doesn't make me use a tunnel to some other host on the internet?
