Re: DDoS appliances reviews needed

[Ramy Hashish <ramy.ihashish () gmail com>]

Thank you Alvin, I have just remembered that I wanted to reply to your
previous input on Wanguard versus the other vendors in the market, I will
reply this there.

I can't get exactly what you are doing, do you have your own mitigation SW?
If so I would like to know more about it.



On Wed, Aug 26, 2015 at 8:53 PM, alvin nanog <
nanogml () mail ddos-mitigator net> wrote:

> hi ramy
>
> On 08/26/15 at 12:54pm, Aftab Siddiqui wrote:
> > > Anybody here has experienced a PoC for any anti DDoS appliance, or
> already
> > > using a anti DDoS appliance in production and able to share his user
> > > experience/review?
> >
> > only interested in appliance? why not scrubbing services? is it for own
> use
> > (industry reviews before purchase) or some article/publication/research?
>
> see previous similar thread for some "real world reviews by folks"
>
> http://mailman.nanog.org/pipermail/nanog/2015-April/074410.html
>
> i think a "benchmarking ddos lab" would be fun to build and publish
> findings..
> to test all the ddos appliances from those competitors willing to
> participate
>
> ---
>
> for your "reviewing" or collecing info from folks ..
> - what's your metrics that is important to you ?

Our important metrics includes but not limited to the following:

- Ability to mitigate all kinds of volumetric DDoS attacks.
- Ability to mitigate application level attacks for at least HTTP, HTTPs,
SMTP and DNS.
- Time-to-detect and time-to-mitigate.
- False positives.
- Response time to the management plan.
- Ability to sniff packets for further analysis with the support.
- Granularity of detection thresholds.
- Percentage of DDoS attack leakage.
- Multitenancy (We are an ISP)


> - what (ddos) problems are you trying to resolve ?

- Fast to detect/mitigate appliance, no problem to work inline.


> - do you want to see the ddos attacks in progress and how you're being
> attacked
>         http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl
>
> - do you want 100% automated ddos defense with zero false positives :-)
>
> my $0.02 ddos experiences n summary over the years, aka mitigation in
> production use ...
>
>
> my requirement: all tcp-based ddos attacks must be tarpit'd ... ddos
> attacks
> are now 1% of it's peak a few years ago where "firefox google.com"
> wouldn't come up
>
>         - you must be able to distinguish legit tcp traffic from ddos
> attacks
>         which is ez if you build/install/configure the servers properly

Could you please give more details on this?


>         i want the attacking zombies and script kiddies to pay a penalty
> for
>         attacking my customer's servers


Could you please give more details about how to tarpit?