What can AARNet customers do to mitigate DoS and DDoS attacks?
Prior to DDoS or DoS attack
Deploy BCP 38 within your own network to protect your own network from the impact of attacks running within your network, even if they are being dropped by AARNet.
Test and document tagging a BGP route with 7575:6 and make sure that AARNet is dropping the traffic destined to that IP address. Repeat this as a regular part of your Disaster Recovery and Change control processes.
Ensure that all cloud-based servers hosted within your network are secured and monitored, so as not to be used as well-connected sources of outbound DoS/DDoS attacks.
Ensure that all individual hosts, desktops, notebooks, servers and other appliances are protected from intrusion and compromize with on-going and timely software updates and the installation of other protection software.
During a DDoS or DoS attack
Utilize Netflow/IPFix, an Intrusion Detection System or an Intrusion Protection System to identify when attacks are occurring and identify where possible the source IP addresses and ports.
Use Remote Triggered Blackhole routing to mitigate the attack, or
Notify the AARNet NOC (Network Operations Centre) that you are under attack: noc@aarnet.edu.au or 1300 275 662. The NOC will investigate and have a network engineer discuss possible solutions to help deal with the DoS with you.
