Re: Recommended DDoS mitigation appliance?

[Colton Conor <colton.conor () gmail com>]

Mike,

The free trial is the paid version right? Just was wondering if you use the
community or advanced paid version.

On Wed, Jan 29, 2020 at 4:38 PM Mike <mike-nanog () tiedyenetworks com> wrote:

> I had intended to use the paid version once the 'free trial' proved to
> work, but for the previously mentioned reasons it did not and I gave up.
> Would still love to have this style of solution in my network and still
> open to other solutions, just haven't really found anything else.
>
>
> On 1/28/20 2:46 PM, Colton Conor wrote:
>
> Mike,
>
> What did you end up going with if not fastnetmon? Were you using
> their paid or free version?
>
> On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-nanog () tiedyenetworks com> wrote:
>
> > On 12/5/19 1:43 PM, Hugo Slabbert wrote:
> > > > FastNetMon is awesome, but its a detection tool with no mitigation
> > > > capacity whatsoever.
> > >
> > > Does is not, though, provide the ability to hook into RTBH or Flowspec
> > > setups?
> >
> > Yes it does provide RTBH hook.
> >
> > I evaluated fastnetmon using exactly the 'quick setup' and found it to
> > have some serious problems with false alarms and statistical anomalies,
> > at least when using pure netflow data (did not try sampled mode).  Hosts
> > that were not in fact receiving >100mbps traffic (a traffic level I
> > predetermined as 'attack' for a given network segment), would
> > occasionally get flagged as such (and rtbh activated), while 2 real
> > attacks that came during the testing period (60 days for me) went
> > completely unnoticed. Support seemed to concede that sampled mode is
> > really the only accurate method, and which by this time I'd expended all
> > my interest. Great concept, cool integration, just not ready for prime
> > time.
> >
> >
> > MIke-