Differences

This shows you the differences between two versions of the page.

--- wiki:bgp-based_ddos_mitigation [2023/04/11 08:00] – created summit
+++ wiki:bgp-based_ddos_mitigation [2023/04/11 08:02] (current) – summit
@@ Line 1: / Line 1: @@
-{{ :infra-security.pdf |}}
+**Legacy DDoS Mitigation Methods**
+{{:blocking_ddos_in_the_old_days.jpg?1000|}}
+{{:ddos_mitigation_using_scrubbing_center.jpg?1000|}}
+{{:source_remotely_triggered_black_hole.jpg?1000|}}
-{{ :portknock.pdf |}}
+**DDoS Mitigation Using Scrubbing Center**
+{{:screencapture-imperva-products-infrastructure-ddos-protection-services-2023-03-11-04_03_35.png?1000|}}
+[[https://www.youtube.com/watch?v=Uk_FUREn9DU]]
+[[https://www.imperva.com/products/infrastructure-ddos-protection-services/]]
-  * /user set [find name=aminul] password=scl1234
-  *
-  *
-  * /ip service
-  * set telnet disabled=yes
-  * set ftp disabled=yes
-  * set ssh disabled=yes
-  *
-  *
-  *
-  * /ip firewall service-port
-  * set ftp disabled=yes
-  * set tftp disabled=yes
-  * set irc disabled=yes
-  * set h323 disabled=yes
-  * set udplite disabled=yes
-  * set dccp disabled=yes
-  * set sctp disabled=yes
-  * /ip firewall filter
-  * add action=accept chain=forward dst-port=3129 protocol=tcp
-  * add action=drop chain=input dst-port=67-68 protocol=udp
-  * add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
-  * add action=drop chain=forward comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
-  * add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp \
-  *     src-address-list=ssh_stage3
-  * add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp \
-  *     src-address-list=ssh_stage2
-  * add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp \
-  *     src-address-list=ssh_stage1
-  * add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
-  * add action=drop chain=input dst-port=22 protocol=tcp
-  * add action=drop chain=input dst-port=23 protocol=tcp
-  * add action=drop chain=input dst-port=21 protocol=tcp
-  * add action=drop chain=input protocol=tcp src-port=135-139
-  * add action=drop chain=input protocol=udp src-port=135-139
-  * add action=drop chain=input protocol=udp src-port=445
-  * add action=drop chain=input protocol=tcp src-port=2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721,11211
-  * add action=drop chain=input protocol=udp src-port=2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721,11211
-  * add action=drop chain=input protocol=tcp src-port=445
-  * add action=drop chain=input protocol=tcp src-port=1718
-  * add action=drop chain=input protocol=udp src-port=1718
-  * add action=drop chain=input protocol=tcp src-port=1719
-  * add action=drop chain=input protocol=udp src-port=1719
-  * add action=drop chain=forward dst-port=1718-1720 protocol=udp
-  * add action=drop chain=forward dst-port=1718-1720 protocol=tcp
-  * add action=drop chain=forward dst-port=11720 protocol=tcp
-  * add action=drop chain=forward dst-port=11720 protocol=udp
-  * add action=drop chain=forward dst-port=4156 protocol=udp
-  * add action=drop chain=forward dst-port=1978 protocol=udp
-  * add action=drop chain=forward dst-port=1978 protocol=tcp
-  * add action=drop chain=forward dst-port=559 protocol=tcp
-  * add action=drop chain=forward dst-port=10100 protocol=udp
-{{:waf.jpg?600|}}