DDoS Attacks on Carrier-grade NAT Infrastructure
A10 Networks has produced a series of LightTalk videos in which company solutions architects explain a technical concept such as the evolution to containers, SYN cookies or, in this case, how DDoS attacks affect carrier-grade NAT infrastructure.
In this video, our solutions architect describes what happens when an attack is initiated using a single IP address. Up to 256 users could be affected by such an attack and while a DDoS detection solution may be able to mitigate the attack, the carrier-grade NAT infrastructure may not be aware, and service then goes down for those subscribers.
Turner goes on to describe how the A10 Thunder® Threat Protection System (TPS) uses auto blacklisting of NAT pool addressing to help detect these attacks and take the IP address out, preserving subscriber services.