
What can AARNet customers do to mitigate DoS and DDoS attacks?

Prior to DDoS or DoS attack

  • Deploy BCP 38 within your own network to protect it from the impact of attacks running inside it, even if those attacks are being dropped by AARNet.
  • Test and document tagging a BGP route with 7575:6 and make sure that AARNet is dropping the traffic destined to that IP address. Repeat this as a regular part of your Disaster Recovery and Change control processes.
  • Ensure that all cloud-based servers hosted within your network are secured and monitored, so as not to be used as well-connected sources of outbound DoS/DDoS attacks.
  • Ensure that all individual hosts, desktops, notebooks, servers and other appliances are protected from intrusion and compromise with ongoing and timely software updates and the installation of other protection software.

During a DDoS or DoS attack

  • Utilize NetFlow/IPFIX, an Intrusion Detection System or an Intrusion Protection System to identify when attacks are occurring and, where possible, the source IP addresses and ports.
  • Use Remote Triggered Blackhole routing to mitigate the attack, or
  • Notify the AARNet NOC (Network Operations Centre) that you are under attack: noc@aarnet.edu.au or 1300 275 662. The NOC will investigate and have a network engineer discuss with you possible solutions to help deal with the DoS.
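
The flow-analysis step above, sketched as an added example (not AARNet's own tooling): it aggregates exported flow records per destination, flags hosts whose inbound rate crosses a threshold, and lists the top sources and source port alongside the host route to tag with 7575:6. The CSV layout, customer prefix, threshold and /32 host-route form are assumptions, and the flow records are constructed sample data.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample flow records (not real traffic), one export window:
# src_ip,src_port,dst_ip,dst_port,ip_proto,bytes
FLOWS = """\
198.51.100.7,123,203.0.113.10,41000,17,48000000
198.51.100.8,123,203.0.113.10,41001,17,52000000
198.51.100.9,123,203.0.113.10,41002,17,45000000
192.0.2.44,53122,203.0.113.10,443,6,120000
192.0.2.45,50210,203.0.113.20,443,6,300000
198.51.100.7,123,203.0.113.10,41003,17,30000000
"""

CUSTOMER_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed range
WINDOW_SECONDS = 60          # assumed flow export interval
THRESHOLD_BPS = 10_000_000   # assumed per-host alert threshold
RTBH_COMMUNITY = "7575:6"    # blackhole community named on this page


def parse(text):
    """Yield (src, sport, dst, dport, proto, bytes) tuples from CSV lines."""
    for line in text.strip().splitlines():
        src, sport, dst, dport, proto, nbytes = line.split(",")
        yield src, int(sport), dst, int(dport), int(proto), int(nbytes)


def find_attacks(text):
    """Return one report per customer host whose inbound rate is over threshold."""
    per_dst = defaultdict(lambda: {"bytes": 0, "srcs": Counter(), "ports": Counter()})
    for src, sport, dst, _dport, proto, nbytes in parse(text):
        if not any(ipaddress.ip_address(dst) in n for n in CUSTOMER_PREFIXES):
            continue  # only traffic destined to our own hosts is of interest
        d = per_dst[dst]
        d["bytes"] += nbytes
        d["srcs"][src] += nbytes
        d["ports"][(proto, sport)] += nbytes
    report = []
    for dst, d in per_dst.items():
        bps = d["bytes"] * 8 / WINDOW_SECONDS
        if bps >= THRESHOLD_BPS:
            report.append({
                "victim": dst,
                "bps": bps,
                "top_sources": [s for s, _ in d["srcs"].most_common(3)],
                "top_src_port": d["ports"].most_common(1)[0][0],
                "rtbh_route": f"{dst}/32",  # host route to tag (assumed form)
                "community": RTBH_COMMUNITY,
            })
    return report
```

The source list and source port are what the NOC will ask for; a single dominant UDP source port such as 123 in the sample points to reflected traffic rather than direct connections.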