nanog mailing list archives
RE: D/DoS mitigation hardware/software needed.
From: "Stefan Fouant" <sfouant () shortestpathfirst net>
Date: Sat, 9 Jan 2010 10:40:52 -0500
-----Original Message----- From: Dobbins, Roland [mailto:rdobbins () arbor net] Sent: Saturday, January 09, 2010 10:03 AM On Jan 9, 2010, at 9:57 PM, Stefan Fouant wrote:Firewalls do have their place in DDoS mitigation scenarios, but ifused asthe "ultimate" solution you're asking for trouble.In my experience, their role is to fall over and die, without exception. I can't imagine what possible use a stateful firewall has being placed in front of servers under normal conditions, much less during a DDoS attack; it just doesn't make sense.
See the earlier post - what I'm referring to here is more along the lines of stateless packet filters on upstream routers which can be triggered via Flowspec or similar mechanisms... I'm not disagreeing with you here on the other points and largely concur. Stefan Fouant, CISSP, JNCIE-M/T www.shortestpathfirst.net GPG Key ID: 0xB5E3803D
Current thread:
- D/DoS mitigation hardware/software needed. Rick Ernst (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Tim Eberhard (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Adrian Chadd (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Steve Bertrand (Jan 05)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Ćukasz Bromirski (Jan 09)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 09)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 09)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 09)
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 09)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 09)
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 04)
- Re: D/DoS mitigation hardware/software needed. jim deleskie (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Bill Blackford (Jan 04)
- Message not available
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Suresh Ramasubramanian (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Suresh Ramasubramanian (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Darren Bolding (Jan 04)