DDoS Attacks on Carrier Grade NAT Infrastructure
A10 Networks has produced a series of LightTalk videos in which company solutions architects explain a technical concept such as the evolution to containers, SYN cookies or, in this case, how DDoS attacks affect carrier grade NAT infrastructure.
In this video, our solutions architect describes what happens when an attack is initiated using a single IP address. Up to 256 users could be affected by such an attack and while a DDoS protection solution may be able to mitigate the attack, the carrier grade NAT infrastructure may not be aware, and service then goes down for those subscribers.
Turner goes on to describe how the A10 Thunder® Threat Protection System (TPS) uses auto blacklisting of NAT pool addressing to help detect these attacks and take the IP address out, preserving subscriber services.