Re: Recommended DDoS mitigation appliance?

[Dmitry Sherman <dmitry () interhost net>]

Check out Wanguard

--
Dmitry Sherman

From: NANOG <nanog-bounces () nanog org> on behalf of Colton Conor <colton.conor () gmail com>
Date: Wednesday, 29 January 2020 at 0:47
To: Mike <mike-nanog () tiedyenetworks com>
Cc: NANOG <nanog () nanog org>
Subject: Re: Recommended DDoS mitigation appliance?

Mike,

What did you end up going with if not fastnetmon? Were you using their paid or free version?

On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-nanog () tiedyenetworks com<mailto:mike-nanog () tiedyenetworks com>> wrote:

On 12/5/19 1:43 PM, Hugo Slabbert wrote:
> > FastNetMon is awesome, but its a detection tool with no mitigation
> > capacity whatsoever.
>
> Does is not, though, provide the ability to hook into RTBH or Flowspec
> setups?

Yes it does provide RTBH hook.

I evaluated fastnetmon using exactly the 'quick setup' and found it to
have some serious problems with false alarms and statistical anomalies,
at least when using pure netflow data (did not try sampled mode).  Hosts
that were not in fact receiving >100mbps traffic (a traffic level I
predetermined as 'attack' for a given network segment), would
occasionally get flagged as such (and rtbh activated), while 2 real
attacks that came during the testing period (60 days for me) went
completely unnoticed. Support seemed to concede that sampled mode is
really the only accurate method, and which by this time I'd expended all
my interest. Great concept, cool integration, just not ready for prime time.


MIke-