On 02 Feb (00:23:14), Alec Muffett wrote:
I am not going to pretend that I fully understand the DDoS mitigations yet, but experience at two jobs has taught me that at least three entire countries essentially present themselves from behind small numbers of heavily NATed addresses, so I hope that the mitigations are NAT-friendly.
ISTR that UAE and Singapore are two such, I forget the third?
I've been running the circuit creation mitigation for weeks now in different forms which had much more aggressive threshold in the beginning.
At most, my Guard identified 550 ish client address for which I've investigated a bit. They were all from big hosting corp that is dedicatedpanel.com, vultr.com LeaseWeb and Hetzner (the OVH clients were gone at that time).
The majority (82%) was Hetzner.
Thus so far I would say that it is not impacting that much single countries NATed in some ways or another.
This doesn't mean it won't be *especially* when 70% of the network will be rolling out those defenses. We really need to keep a sharp eye on this and adjust accordingly.
Cheers! David