Mitigation Campaign Steps
1. National CERT or equivalent organization reaches out to constituent remediators to engage them to participate in a focused mitigation campaign.
Depending on the target risk conditions to mitigate, remediators could be ISPs, network owners, product vendors, etc.
2. Brief stakeholders and agree on:
- Target risk conditions
- Mitigation methods
- Campaign time period
- Target risk conditions: Open SSDP
- Mitigation methods:
- Reconfigure the misconigured devices.
- Block udp/1900 altogether at the edge of their network. Block legacy protocols like chargen and echo that don’t have any real use other than DDOS anymore.
- Campaign time period: 6 months to 1 year.
3. Once remediators are on board, establish data receiving points.
4. CyberGreen and other relevant parties hold mitigation briefing with participating remediators.
5. Data source begins sending daily risk data to each data receiving point.
6. Remediators start mitigation over risk conditions.
- Mitigation training material will be provided by CyberGreen
- Ensuring that ISPs are ready to take action will be the national CERT or coordinator’s role