nanog mailing list archives

Re: D/DoS mitigation hardware/software needed.


From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Tue, 5 Jan 2010 08:48:51 +0530

Two more options.  And for Netflow device - read that to mean Arbor or
its competitors.

5. Ditch the stateful firewall and exclusively use a netflow device

6. Outsource to a hosted DDoS mitigation service (Prolexic etc)

On Tue, Jan 5, 2010 at 8:43 AM, Suresh Ramasubramanian
<ops.lists () gmail com> wrote:
Do you -

1. Have (say) two firewalls in HA config?

2. Back your firewall with routing based measures, S/RTBH, blackhole
communities your upstream offers, etc [the standard nspsec bootcamp
stuff]

3. Simply back the firewall with a netflow based device?

4. Estimate that the risk of a DDoS that exceeds your firewall's rated
capacity is extremely low?  [and yes, 150k ++ connections per second
ddos is going to be massive, and relatively rare for most people]

