Re: Recommended DDoS mitigation appliance?

[Mike <mike-nanog () tiedyenetworks com>]

I had intended to use the paid version once the 'free trial' proved to 
work, but for the previously mentioned reasons it did not and I gave up. 
Would still love to have this style of solution in my network and still 
open to other solutions, just haven't really found anything else.


On 1/28/20 2:46 PM, Colton Conor wrote:
> Mike,
>
> What did you end up going with if not fastnetmon? Were you using 
> their paid or free version?
>
> On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-nanog () tiedyenetworks com 
> <mailto:mike-nanog () tiedyenetworks com>> wrote:
>
>
>     On 12/5/19 1:43 PM, Hugo Slabbert wrote:
>     >> FastNetMon is awesome, but its a detection tool with no mitigation
>     >> capacity whatsoever.
>     >
>     > Does is not, though, provide the ability to hook into RTBH or
>     Flowspec
>     > setups?
>     >
>
>     Yes it does provide RTBH hook.
>
>     I evaluated fastnetmon using exactly the 'quick setup' and found
>     it to
>     have some serious problems with false alarms and statistical
>     anomalies,
>     at least when using pure netflow data (did not try sampled mode). 
>     Hosts
>     that were not in fact receiving >100mbps traffic (a traffic level I
>     predetermined as 'attack' for a given network segment), would
>     occasionally get flagged as such (and rtbh activated), while 2 real
>     attacks that came during the testing period (60 days for me) went
>     completely unnoticed. Support seemed to concede that sampled mode is
>     really the only accurate method, and which by this time I'd
>     expended all
>     my interest. Great concept, cool integration, just not ready for
>     prime time.
>
>
>     MIke-