We can now take two mitigation steps:

1. Ask our upstream ISP to drop this traffic, or send it to a scrubbing service or device if we have one.

2. As an added precaution, drop all traffic from these countries going to port 4444 on our own routers.
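As an added example (not from the article or from Kentik's tooling), the Python below aggregates GeoIP-enriched flow records by source country for traffic to port 4444 and turns the dominant countries into vendor-neutral drop rules for the second step. The flow records, the private-use country codes XA..XD and the 10% byte-share threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records, already enriched with a GeoIP source-country code
# as the article describes. Country codes XA..XD are private-use placeholders.
FLOWS = [
    {"src_ip": "203.0.113.10", "src_country": "XA", "dst_port": 4444, "bytes": 600_000, "packets": 4000},
    {"src_ip": "203.0.113.11", "src_country": "XA", "dst_port": 4444, "bytes": 400_000, "packets": 2500},
    {"src_ip": "198.51.100.7", "src_country": "XB", "dst_port": 4444, "bytes": 500_000, "packets": 3200},
    {"src_ip": "192.0.2.44",   "src_country": "XC", "dst_port": 4444, "bytes": 50_000,  "packets": 300},
    {"src_ip": "203.0.113.12", "src_country": "XA", "dst_port": 443,  "bytes": 10_000,  "packets": 80},
    {"src_ip": "192.0.2.9",    "src_country": "XD", "dst_port": 80,   "bytes": 20_000,  "packets": 150},
]

def country_volume(flows, dst_port):
    """Sum bytes, packets and distinct sources per source country for flows to dst_port."""
    totals = defaultdict(lambda: {"bytes": 0, "packets": 0, "sources": set()})
    for flow in flows:
        if flow["dst_port"] != dst_port:
            continue  # only the port under attack matters here
        entry = totals[flow["src_country"]]
        entry["bytes"] += flow["bytes"]
        entry["packets"] += flow["packets"]
        entry["sources"].add(flow["src_ip"])
    return dict(totals)

def attack_countries(flows, dst_port, min_share=0.10):
    """Countries carrying at least min_share of the bytes to dst_port, largest first.

    Returns (country, share) pairs; an empty list when no flow targets the port.
    """
    totals = country_volume(flows, dst_port)
    grand_total = sum(entry["bytes"] for entry in totals.values())
    if grand_total == 0:
        return []
    ranked = sorted(totals.items(), key=lambda item: item[1]["bytes"], reverse=True)
    return [(country, entry["bytes"] / grand_total)
            for country, entry in ranked if entry["bytes"] / grand_total >= min_share]

def drop_rules(countries, dst_port):
    """Vendor-neutral rule tuples for the second mitigation step: drop by source country and port."""
    return [("drop", country, dst_port) for country, _share in countries]

if __name__ == "__main__":
    offenders = attack_countries(FLOWS, 4444)
    for country, share in offenders:
        print(f"{country}: {share:.1%} of bytes to port 4444")
    print(drop_rules(offenders, 4444))
```

The rule tuples are a neutral intermediate form; translating them into a router ACL or a GeoIP-aware filter is left to whatever platform is in use.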









Conclusion
One of the benefits of being able to dig into full-resolution NetFlow data is that you can get
operationally useful insights without needing in-line devices. You also get more freedom to
employ a portfolio of mitigation methods.


At Kentik, we’re big believers in the power of network data. Rather than summarizing raw NetFlow
data and aging it out on a FIFO basis, we augment raw inbound NetFlow records with BGP, GeoIP, and
other datasets, then store that expanded dataset at full resolution for 90 days in our cloud. It’s
possible to do this type of thing with open source tools, or to use a service like ours if you don’t
want to DIY. Either way, big data is the way forward if you want to have full details at your
disposal in order to deal with DDoS attacks.


About the Author

Kentik Co-Founder and CEO Avi Freedman has decades of experience as
a leading technologist and networking executive. Prior to co-founding
Kentik in 2014, he served in several roles for Akamai, including Chief
Network Scientist and Vice President of Network Infrastructure. In 1992,
Freedman launched Netaxs, the first ISP for Philadelphia, before going on
to serve as the Network Director for AboveNet and the CTO for
ServerCentral.








17 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide