nanog mailing list archives
Re: Recommended DDoS mitigation appliance?
From: Dmitry Sherman <dmitry () interhost net>
Date: Thu, 30 Jan 2020 03:39:40 +0000
Check out Wanguard

--
Dmitry Sherman

From: NANOG <nanog-bounces () nanog org> on behalf of Colton Conor <colton.conor () gmail com>
Date: Wednesday, 29 January 2020 at 0:47
To: Mike <mike-nanog () tiedyenetworks com>
Cc: NANOG <nanog () nanog org>
Subject: Re: Recommended DDoS mitigation appliance?

Mike,

What did you end up going with if not fastnetmon? Were you using their paid or free version?

On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-nanog () tiedyenetworks com> wrote:

On 12/5/19 1:43 PM, Hugo Slabbert wrote:

FastNetMon is awesome, but it's a detection tool with no mitigation capacity whatsoever.

Does it not, though, provide the ability to hook into RTBH or Flowspec setups?

Yes it does provide RTBH hook. I evaluated fastnetmon using exactly the 'quick setup' and found it to have some serious problems with false alarms and statistical anomalies, at least when using pure netflow data (did not try sampled mode). Hosts that were not in fact receiving >100mbps traffic (a traffic level I predetermined as 'attack' for a given network segment), would occasionally get flagged as such (and rtbh activated), while 2 real attacks that came during the testing period (60 days for me) went completely unnoticed. Support seemed to concede that sampled mode is really the only accurate method, and which by this time I'd expended all my interest. Great concept, cool integration, just not ready for prime time.

Mike-