nanog mailing list archives

Re: DDoS protection: Corero


From: alvin nanog <nanogml () Mail DDoS-Mitigator net>
Date: Thu, 12 May 2016 08:44:18 -0700


hi 

On 05/12/16 at 01:21pm, Ragnar Sigurðsson Joensen wrote:
Quick question. Is there anyone on this list using Corero for DDoS protection? If so I'd much appreciate an off-list 
review of it. Thanks in advance.

hummm ... just some generic comments when comparing "DDoS protection"

one DDoS solution is NOT necessarily a cost-effective mitigation
against all the various types of DDoS attacks

various types of attacks:

   - tcp-based DDoS attacks on any port are best mitigated with 
   iptables + tarpits ( in-house appliance could handle up to 100gig/sec )

   the attacking zombie bots should crash long before they can 
   affect your servers
   ( 100,000 ddos packet/sec * 2Kbyte/packet * 120sec tcp timeouts )

   - udp-based DDoS attacks are best mitigated by confirming that
   your DNS server/app, NTP server/app, SNMP server/app, NFS, X11,
   etc, etc are properly patched and hardened

   your ISP will most likely have to be involved to mitigate
   incoming UDP and ICMP based attacks using various methods
   like flow analysis/collection/mediation, rtbh, bgp, etc

#
#  if you like the idea of just "drop the packet" or "limit it",
#  then, it's too late as you have already received the DDoS packets
#  and the damage is done ...
#

   - volumetric attacks ( say over 10gigbit/s ) probably will 
   require various data-centers spread across the oceans
   or use the cloud ...

   - you will need a security policy ( infrastructure policy ) 
   to define "legitimate traffic" and possibly incoming DDoS attacks

   simple minded rule:

        web servers should only run "apache/etc", all packets to the
        65,534 ports are attacks

        mail servers should only run "sendmail/etc", all packets to 
        the other 65,534 ports are attacks

   - DDoS attacks consisting of silly spam, viruses, worms should be 
   non-issues and imho, are easily mitigated w/ dozens of different 
   foss tools and "company/computer/infrastructure policy"

magic pixie dust
alvin
#
# http://DDoS-Mitigator.net ..... http://DDoS-Simulator.net ....
#
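
The "simple minded rule" in the message above, applied to firewall logs, as an added example that is not part of the original post: it counts TCP packets per source that hit a port outside a server's role. The addresses, the role-to-port map (80/443 for web, 25 for mail) and the log lines are constructed assumptions; the lines follow the key=value layout written by the iptables LOG target.

```python
import re
from collections import Counter

# Assumed policy (not from the post): destination IP -> (role, allowed TCP ports).
POLICY = {
    "192.0.2.10": ("web", {80, 443}),
    "192.0.2.25": ("mail", {25}),
}

# Constructed sample lines in the iptables LOG target's key=value layout.
SAMPLE_LOG = """\
May 12 08:44:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=443 SYN
May 12 08:44:01 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51100 DPT=22 SYN
May 12 08:44:02 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51101 DPT=3306 SYN
May 12 08:44:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.25 LEN=60 TTL=52 PROTO=TCP SPT=40120 DPT=25 SYN
May 12 08:44:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.25 LEN=60 TTL=47 PROTO=TCP SPT=33001 DPT=80 SYN
May 12 08:44:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=76 TTL=49 PROTO=UDP SPT=53 DPT=53
May 12 08:44:04 gw kernel: device eth0 entered promiscuous mode
"""

FIELD = re.compile(r"(\w+)=(\S*)")
REQUIRED = {"SRC", "DST", "PROTO", "DPT"}


def parse(line):
    """Return the key=value fields of one LOG line, or None if it is not a packet record."""
    fields = dict(FIELD.findall(line))
    return fields if REQUIRED <= fields.keys() else None


def off_policy(log_text, policy=POLICY):
    """Count TCP packets per (source, server role) aimed at ports the policy does not list."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse(line)
        # Only TCP to hosts covered by the policy is judged here; UDP/ICMP need separate handling.
        if f is None or f["PROTO"] != "TCP" or f["DST"] not in policy:
            continue
        role, allowed = policy[f["DST"]]
        if not f["DPT"].isdigit() or int(f["DPT"]) not in allowed:
            hits[(f["SRC"], role)] += 1
    return hits


if __name__ == "__main__":
    for (src, role), count in off_policy(SAMPLE_LOG).most_common():
        print(f"{src} -> {role} server: {count} off-policy packet(s)")
```
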

