What type of DDoS solution do you have in place?
We have Radware DefensePro, but configuration is complex and support is not all that great.
What tool do you use to know how much bandwidth a site uses on a regular basis, or how many TCP connections on average?
This type of knowledge is needed to properly set the Radware configuration; right now it is a best guesstimate.
Our providers offer a remote triggered black hole service that we have configured, and even test on occasion. This lets us use BGP to advertise /32 routes from our address block to them to be black holed on their side. That effectively makes the DoS attack successful, but will save adjacent services that rely on the same upstream links. They also offer scrubbing services, but we have never had to use them. <knock on wood>.
Simple SNMP graphs should get you bandwidth pretty easily. Of course it takes time to get a good measurement. For TCP Connections you would probably need Netflow.
-Otanx
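Added example, not part of the original posts: one way to turn the two data sources mentioned above into baseline numbers for threshold tuning. It assumes interface octet counters polled over SNMP (64-bit, so wrap is handled) and flow records already reduced to (start, end, IP protocol) tuples; the function names and all sample values are constructed for illustration.

```python
import math

COUNTER64 = 2 ** 64  # 64-bit interface octet counters wrap at this value

def bps_from_octets(samples):
    """samples: [(unix_ts, octet_counter)] -> bits/sec for each poll interval."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = (c1 - c0) % COUNTER64  # survives a single counter wrap
        rates.append(delta * 8 / (t1 - t0))
    return rates

def percentile(values, pct):
    """Nearest-rank percentile; 95 gives a baseline that ignores brief spikes."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]

def concurrent_tcp(flows):
    """flows: [(start, end, proto)] -> (peak, time-weighted mean) of open TCP flows."""
    events = []
    for start, end, proto in flows:
        if proto == 6:  # IP protocol number 6 is TCP
            events += [(start, 1), (end, -1)]
    if not events:
        return 0, 0.0
    events.sort()  # at equal timestamps, closes (-1) sort before opens (+1)
    peak = current = 0
    area = 0.0
    prev = events[0][0]
    for ts, step in events:
        area += current * (ts - prev)  # connection-seconds since last event
        current += step
        peak = max(peak, current)
        prev = ts
    span = events[-1][0] - events[0][0]
    return peak, (area / span if span else float(peak))

# Constructed samples: 5-minute polls, with the counter wrapping in the first interval.
OCTET_SAMPLES = [(0, 2**64 - 3_000_000), (300, 4_500_000),
                 (600, 12_000_000), (900, 15_750_000)]
# Constructed flows: three TCP (proto 6) and one UDP (proto 17) that is ignored.
FLOWS = [(0, 10, 6), (5, 15, 6), (5, 8, 17), (10, 20, 6)]

if __name__ == "__main__":
    rates = bps_from_octets(OCTET_SAMPLES)
    print("bps per interval:", rates, "95th:", percentile(rates, 95))
    print("TCP peak/mean concurrent:", concurrent_tcp(FLOWS))
```

Baselines are only meaningful over a long window, so feed this weeks of polls rather than a few intervals.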
Cloudflare, but I'm not the admin. It's a set-and-forget small business solution in place.
Quote from: Otanx on August 15, 2022, 09:59:01 AM
Simple SNMP graphs should get you bandwidth pretty easily. Of course it takes time to get a good measurement. For TCP Connections you would probably need Netflow.
-Otanx
Ahh, Netflow, we have that; the tools team runs it. Another silo disaster where one team does not talk to the other. Will need to engage them.