[NeMo-DDoS-List] FYI: NeMo DDoS C&A Service Upgrade and Enhancements

Hank Nussbacher hank at mail.iucc.ac.il
Mon Oct 7 11:36:19 IDT 2024


Dear DDoS C&A subscribers,



GÉANT have recently made some improvements to the scrubbing capabilities of the DDoS C&A service, including the following enhancements (which are now in production):



Scrubbing capacity enhancement

  *   In the last quarter we have increased the scrubbing capacity of our A10s from 40G to 100G. This gives us the ability to re-route and cleanse larger volumes of traffic and provide an improved service to NRENs.



Mitigation Template overhaul

  *   GÉANT SOC has reviewed our current scrubbing solution configuration and subjected it to a complete overhaul, with every mitigation template being fine-tuned to provide more specific and accurate scrubbing and to include more of A10’s proprietary scrubbing enhancements. In addition, we have included zonal escalations that will happen automatically in the event mitigation is started. The enhancements should be noticed most prominently with UDP-based attacks such as DNS reflection and amplification. GÉANT’s review and refining of these templates is ongoing.



Zero Day Attack Pattern Recognition (ZAPR)

  *   ZAPR is a dynamic attack pattern recognition system powered by machine learning algorithms. After the learning phase is complete (currently started as soon as the mitigation zone is opened), ZAPR implements rules tailored specifically to the attack it is analysing (testing shows this to take less than 2 minutes following peace time, though this was in a simulated environment). ZAPR is now enabled in production on every relevant mitigation template.

Kind Regards,
Ryan Richford
GÉANT Security Operations Centre

