Security Basics mailing list archives
Re: DDOS mitigation
From: Christopher Stromblad <cs () outpost24 com>
Date: Mon, 14 Aug 2006 18:22:58 +0100
Hi, I can't help but laugh when I hear about DDoS mitigation products. It's very simple. You have a network connection with a capacity of say, 2 Mbps. Let's now say we have a botnet of say 200k "zombies" that will now start an attack against your network. Just to make it simple, each zombie will send 65 Kbps worth of gibberish data each second towards your way. This equals to around 1300 Mbps worth of data coming your way. There is no way you can avoid this. What they might be providing though is a type of anomaly detection mechanism which will sit in front of your firewall or other devices and attempt to detect when something fishy is going on. Of course, it might have its use as it might at least protect the actual device targeted for the DDoS, but you will very likely still suffer from Internetwork connection problems as they will literally eat your bandwidth. My advice is to be careful and ask what exactly they are protecting against or claim to be protecting against. Also, you should justify, at least to your self, why you want to get this type of "protection". What are you attempting to protect against? Connectivity problems? Or device failure due to DoS? Just be careful with the marketing/sales people. :) // Christopher Qotrab wrote:
Hi, i'm currently in a process of reviewing DDOS mitigation product. one of the product that im interested is from Arbor network. Any suggestion on this product ? how bout Cisco Guard DDOS mitigation appliance ? suggstions will be very helpful Thanks --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
--------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- DDOS mitigation Qotrab (Aug 14)
- Re: DDOS mitigation Thierry Zoller (Aug 15)
- Re: DDOS mitigation Christopher Stromblad (Aug 15)
- Re[2]: DDOS mitigation Thierry Zoller (Aug 15)
- Re: DDOS mitigation Christopher Stromblad (Aug 15)
- Re: DDOS mitigation intel96 (Aug 17)
- Re[2]: DDOS mitigation Thierry Zoller (Aug 15)
- <Possible follow-ups>
- RE: Re[4]: DDOS mitigation Smith, Brad (Aug 15)
- RE: Re[2]: DDOS mitigation Smith, Brad (Aug 15)
- Re[4]: DDOS mitigation Thierry Zoller (Aug 15)
- Re: Re[4]: DDOS mitigation Ned Fleming (Aug 17)
- Re[4]: DDOS mitigation Thierry Zoller (Aug 15)
- Re: Re: DDOS mitigation anonymous . chocolate (Aug 17)