nanog mailing list archives
RE: D/DoS mitigation hardware/software needed.
From: Raj Singh <raj.singh () demandmedia com>
Date: Mon, 4 Jan 2010 13:45:36 -0800
Rick, If you pass me your contact info I can forward it to our Arbor Sales guy who can get in touch with you. I been pretty impressed by Arbor so far. Thanks, Raj Singh -----Original Message----- From: Rick Ernst [mailto:nanog () shreddedmail com] Sent: Monday, January 04, 2010 1:20 PM To: NANOG Subject: D/DoS mitigation hardware/software needed. Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned several times but they haven't been responsive to literature requests (hint, if anybody from Arbor is looking...). Our current upstream is 3x GigE from 3 different providers, each landing on their own BGP endpoint feeding a route-reflector core. I see two possible solutions: - Netflow/sFlow/***Flow feeding a BGP RTBH - Inline device Netflow can lag a bit in detection. I'd be concerned that inline devices add an additional point of failure. I'm worried about both failing-open (e.g. network outage) and false-positives. My current system is a home-grown NetFlow parser that spits out syslog to our NOC to investigate potential attacks and manually enter them into our RTBH. Any suggestions other than Arbor? Any other mechanisms being used? My idea is to quash the immediate problem and work additional mitigation with upstreams if needed. I could probably add some automation to my NetFlow/RTBH setup, but I still need to worry about false-positives. I'd rather somebody else do the hard work of finding the various edge-cases. Thanks, Rick
Current thread:
- Re: D/DoS mitigation hardware/software needed., (continued)
- Re: D/DoS mitigation hardware/software needed. Rob Shakir (Jan 06)
- Re: D/DoS mitigation hardware/software needed. Suresh Ramasubramanian (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Suresh Ramasubramanian (Jan 04)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 04)
- Re: D/DoS mitigation hardware/software needed. John Kristoff (Jan 05)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 05)
- Re: D/DoS mitigation hardware/software needed. jul (Jan 10)
- Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 10)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 11)
- RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)