RE: BW Management solutions advice

["Albinati, Luis Martin" <Albo () prima com ar>]

AFAIK, Allot boxes do have an option to decide whether or not to drop
traffic above a certain definable number of connections, which is not
really an attack recognition but its as close as it gets in their box.
Anyway, as you say, they don't react automatically, you need to set it
first :(


> On Fri, 22 Oct 2004, Albinati, Luis Martin wrote:
> > I am considering some bandwidth management solutions and 
> would like to 
> > know if some of you people have had some real world 
> experiences with 
> > this kind of boxes. More specifically I am looking at some 
> Large-ISP 
> > or Carrier-Grade solutions with at least the following 
> specifications:
> > > = 1Gbps traffic capacity
> > > 500k simultaneous connections
> > Layer 7 stateful packet inspection (via protocol signatures and/or 
> > protocol analysis) Traffic prioritization, shaping, QoS and 
> bandwidth 
> > provisioning based on custom defined policies (vlan id, ip ranges, 
> > tos, time of day, etc) possibility to easily update and 
> deploy new or 
> > modified protocol definitions without affecting availability.
>
> Add here: "automatic rate-limiter adaptation" / "attack 
> pattern recognition".
>
> Do we still have solutions on the table?  I'd be interested 
> what kind of solutions are available in Gbit/s-grade which do 
> not need you to configure certain kind of rate-limiters a 
> priori, but can automatically react to most kinds of attacks, 
> even simple ones (e.g., TCP SYN floods).
>
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings