nanog mailing list archives

Re: PoC for shortlisted DDoS Vendors


From: John Kristoff <jtk () cymru com>
Date: Thu, 2 Apr 2015 10:10:13 -0500

On Wed, 01 Apr 2015 19:51:54 +0300
Mohamed Kamal <mkamal () noor net> wrote:

The setup will be inline. So it would be great if anyone has done
this before and can help provide the appropriate tools, advice, or
the testing documents for an efficient PoC.

Hi Mohamed,

We recently introduced a community RTBH service called UTRS that might
be a useful tool in your toolbox.  Automated route relay went into
effect not long ago and it seems to be working well.  It isn't
equivalent to any of the vendors you listed, but complementary (and
completely free :-) so I hope you don't mind me mentioning it. You can
find more about it here:

  <https://www.cymru.com/jtk/misc/utrs.html>

As for other tools...

NfSen may be an open source option you want to consider.  It can be
extended with plugins you or others provide:

  <http://nfsen.sourceforge.net/>

Team Cymru has leveraged that with a set of plug-ins based on our
insight for your network.  If you want to talk to us about it, see:

  <https://www.team-cymru.org/Flow-Sonar.html>

You might also check out:

  <https://github.com/FastVPSEestiOu/fastnetmon>
  <https://bitbucket.org/tortoiselabs/ddosmon>
  <http://sourceforge.net/projects/panoptis/>

Cisco has, or had the Cisco Guard family of products, formerly based on
the Riverhead acquisition, but that platform was end-of-sale some time
ago and is effectively dead.  They (and some other hardware vendors)
have since begun to license Arbor into their gear.

John

