nanog mailing list archives

Re: Experience on Wanguard for 'anti' DDOS solutions

From: "marcel.duregards () yahoo fr" <marcel.duregards () yahoo fr>
Date: Sat, 15 Aug 2015 14:07:37 +0200

One thing which is not so obvious is to reduce false positive.

This is hard when you have a mix of traffic profiles/patterns withinyour network, with customers in differents domains (scientists,financials, video addicted, torrent addicted, etc...) with differentbandwidth.

a)

Does anybody tried to separate ip range by traffic profile to applyspecific rule/profile per ip allocation?


puts all financials clients into range X/X and define rule Z
puts all scientists clients into range Y/Y and apply rule Q
etc....

Does this help ?

b)
One other method could be to classify customers by their bandwidth.

profile 1. from 10-100M
profile 2. 100-500M
profile 3. 500M-1000M
profile 4. >1000M

Like this you do not mix big BW with small BW customer, and do not getalerted when client from profile 4 start to download at 1G.


Any experience ?

My guess is that solution b is better than a. Not so easy to classifytraffic pattern per group of client.


Thank, best regards.
- Marcel



On 13.08.2015 06:42, Ramy Hashish wrote:

Hello Fabien,

And why don't you use A10 for both detection and mitigation?

Thanks,

Ramy

On Wed, Aug 12, 2015 at 6:42 PM, Fabien Delmotte <fdelmotte1 () mac com> wrote:

Hello

My 2 cents
You can use Wanguard for the detection and A10 for the mitigation, you
have just to play with the API.

Regards

Fabien

Le 12 août 2015 à 16:28, Ramy Hashish <ramy.ihashish () gmail com> a écrit



Date: Tue, 11 Aug 2015 08:14:54 +0200
From: "marcel.duregards () yahoo fr" <marcel.duregards () yahoo fr>
To: nanog () nanog org
Subject: Re: Experience on Wanguard for 'anti' DDOS solutions
Message-ID: <55C992DE.3020906 () yahoo fr>
Content-Type: text/plain; charset=windows-1252; format=flowed

anybody from this impressive list ?:

https://www.andrisoft.com/company/customers

-- Marcel

Anybody here compared Wanguard's performance with the DDoS vendors in the
market (Arbor, Radware, NSFocus, A10, RioRey, Staminus, F5 ......)?

Another question, have anybody from the reviewers tested the false
positives of the box, or experienced any false positive incidents?

Thanks,

Ramy

Current thread:

Re: Experience on Wanguard for 'anti' DDOS solutions, (continued)
- - - Re: Experience on Wanguard for 'anti' DDOS solutions marcel.duregards () yahoo fr (Aug 10)
    - Re: Experience on Wanguard for 'anti' DDOS solutions Nick Rose (Aug 11)
    - Re: Experience on Wanguard for 'anti' DDOS solutions Aaron (Aug 11)
    - Re: Experience on Wanguard for 'anti' DDOS solutions Matt Taylor (Aug 11)
    - Re: Experience on Wanguard for 'anti' DDOS solutions marcel.duregards () yahoo fr (Aug 11)
- Re: Experience on Wanguard for 'anti' DDOS solutions Richard Holbo (Aug 10)
- Re: Experience on Wanguard for 'anti' DDOS solutions Richard Hesse (Aug 28)
- Re: Experience on Wanguard for 'anti' DDOS solutions Ramy Hashish (Aug 12)
  - Re: Experience on Wanguard for 'anti' DDOS solutions Fabien Delmotte (Aug 12)
    - Re: Experience on Wanguard for 'anti' DDOS solutions Ramy Hashish (Aug 12)
    - Re: Experience on Wanguard for 'anti' DDOS solutions marcel.duregards () yahoo fr (Aug 15)
  - Re: Experience on Wanguard for 'anti' DDOS solutions alvin nanog (Aug 12)
    - Re: Experience on Wanguard for 'anti' DDOS solutions Ramy Hashish (Aug 26)
  - Re: Experience on Wanguard for 'anti' DDOS solutions marcel.duregards () yahoo fr (Aug 12)