We currently have two MikroTik CCR routers, each connected to a BGP provider. We are having problems with some VPSes on our platform causing or being targeted by UDP flood attacks, etc. We would like someone to mitigate this problem by integrating a solution that can automatically resolve those issues:
1) Use FastNetMon (or any other open source DDoS protection tool) to monitor traffic from the CCRs (preferably using traffic flows, flexible on this).
2) Set it up in "watch" only mode to alert via PagerDuty if an issue occurs.
3) After a week, if everything is okay, we will switch it into blocking mode. You'll have to configure ExaBGP integration so it can announce /32 prefixes to a BGP peer, which will block all incoming traffic at our transit provider AND automatically blackhole in MikroTik.
4) Slack notifications once something gets blocked!
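
A sketch of the notify hook that steps 2 to 4 describe, as an added example that is not part of the original posting: it decides what goes to PagerDuty, ExaBGP and Slack for one detector callback, and refuses to blackhole any address outside the operator's own prefixes. Assumptions: the detector calls the hook with (ip, direction, pps, action) where action is "ban" or "unban", the transit provider honours the RFC 7999 BLACKHOLE community, and the prefix, next-hop and routing key below are constructed placeholders.

```python
import ipaddress

MODE = "watch"                       # "watch" = alert only; "block" = also announce
OUR_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]  # constructed sample prefix
NEXT_HOP = "192.0.2.1"               # constructed discard next-hop
BLACKHOLE = "65535:666"              # RFC 7999; assumption: transit honours it
PD_ROUTING_KEY = "PLACEHOLDER_ROUTING_KEY"   # placeholder, not a real key

def exabgp_command(ip, action):
    """Text-API line for ExaBGP; rejects anything outside our own IPv4 space."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or not any(addr in net for net in OUR_PREFIXES):
        raise ValueError(f"refusing to blackhole {ip}: not in OUR_PREFIXES")
    verb = {"ban": "announce", "unban": "withdraw"}[action]
    return f"{verb} route {addr}/32 next-hop {NEXT_HOP} community [{BLACKHOLE}]"

def plan(ip, direction, pps, action, mode=MODE):
    """Return what to send where for one ban/unban callback."""
    out = {"exabgp": None, "slack": None}
    # PagerDuty Events API v2 body; dedup_key lets the unban resolve the alert.
    out["pagerduty"] = {
        "routing_key": PD_ROUTING_KEY,
        "event_action": "trigger" if action == "ban" else "resolve",
        "dedup_key": f"ddos-{ip}",
        "payload": {"summary": f"{direction} flood on {ip}: {pps} pps",
                    "source": "fastnetmon", "severity": "critical"},
    }
    if mode == "block":
        # Only blocking mode touches routing and posts to Slack.
        out["exabgp"] = exabgp_command(ip, action)
        state = "blackholed" if action == "ban" else "released"
        out["slack"] = {"text": f"{ip}/32 {state} ({direction}, {pps} pps)"}
    return out

if __name__ == "__main__":
    import json, sys
    print(json.dumps(plan(*sys.argv[1:5]), indent=2))
```

The `exabgp` string is what a process configured under ExaBGP would write to its stdout; the two JSON bodies are what would be POSTed to the PagerDuty Events endpoint and a Slack incoming webhook.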