nanog mailing list archives
Re: D/DoS mitigation hardware/software needed.
From: Joe Greco <jgreco () ns sol net>
Date: Sun, 10 Jan 2010 08:40:51 -0600 (CST)
> Firewalls do a good job of protecting servers, when properly configured, because they are designed exclusively for the task. Their CAM tables, realtime ASICs and low latencies are very much unlike the CPU-driven, interrupt-bound hardware and kernel-locking, multi-tasking software on a typical web server. IME it is a rare firewall that doesn't fail long, long after (that's after, not before) the hosts behind them would have otherwise gone belly-up.

Then you need to get rid of that '90's antique web server and get something modern. When you say "interrupt-bound hardware," all you are doing is showing that you're not familiar with modern servers and quality operating systems that are designed to mitigate things like DDoS attacks.

"Stateful filtering" is to firewalls what "interrupt-based packet processing" is to web servers. Both are recipes for disaster.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.