nanog mailing list archives
Re: Checkpoint IPS
From: "Roland Dobbins" <rdobbins () arbor net>
Date: Mon, 09 Feb 2015 01:26:30 +0700
On 8 Feb 2015, at 23:00, BPNoC Group wrote:
Mr Dobbins' slides/presentation gives an idea that a proxy (waf, whatever) fits sitting unprotected among routers and application servers, while its also stateful and fragile enough to deserve previous protection.
from p.16 of the presentation in question:'If stateful firewalls cannot be immediately removed from the architecture, they must be protected against DDoS via S/RTBH, flowspec, IDMS, et. al., just like servers!'
from p.19 of the presentation in question:'Load-balancers must be protected against DDoS - stateless ACLs for policy enforcement, S/RTBH, flowspec, IDMS, and so forth.'
from p.28 of the presentation in question:'Reverse-proxy farms must be protected from DDoS via S/RTBH, flowspec, IDMS, et. al.'
----------------------------------- Roland Dobbins <rdobbins () arbor net>
Current thread:
- Re: Checkpoint IPS, (continued)
- Re: Checkpoint IPS Ray Soucy (Feb 06)
- Re: Checkpoint IPS Roland Dobbins (Feb 06)
- Re: Checkpoint IPS Patrick Tracanelli (Feb 06)
- RE: Re: Checkpoint IPS Darden, Patrick (Feb 06)
- RE: Re: Checkpoint IPS Darden, Patrick (Feb 06)
- Re: Checkpoint IPS Roland Dobbins (Feb 06)
- RE: Re: Checkpoint IPS Darden, Patrick (Feb 06)
- Re: Checkpoint IPS Roland Dobbins (Feb 06)
- Re: Checkpoint IPS Ca By (Feb 07)
- Re: Checkpoint IPS BPNoC Group (Feb 08)
- Re: Checkpoint IPS Roland Dobbins (Feb 08)
- Re: Checkpoint IPS Colin Johnston (Feb 06)
- RE: Re: Checkpoint IPS Darden, Patrick (Feb 06)
- Re: Checkpoint IPS Colin Johnston (Feb 06)
- RE: Re: Checkpoint IPS Darden, Patrick (Feb 06)
- Re: Checkpoint IPS Colin Johnston (Feb 06)
- RE: Checkpoint IPS Raymond Burkholder (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 05)
- RE: Checkpoint IPS Matthew Huff (Feb 05)
- Re: Checkpoint IPS Roland Dobbins (Feb 05)
- RE: Checkpoint IPS Matthew Huff (Feb 05)