D/DoS mitigation hardware/software needed.

Stefan Fouant sfouant at shortestpathfirst.net
Sat Jan 9 15:40:52 UTC 2010


> -----Original Message-----
> From: Dobbins, Roland [mailto:rdobbins at arbor.net]
> Sent: Saturday, January 09, 2010 10:03 AM
> 
> On Jan 9, 2010, at 9:57 PM, Stefan Fouant wrote:
> 
> > Firewalls do have their place in DDoS mitigation scenarios, but if used as
> > the "ultimate" solution you're asking for trouble.
> 
> In my experience, their role is to fall over and die, without
> exception.  I can't imagine what possible use a stateful firewall has
> being placed in front of servers under normal conditions, much less
> during a DDoS attack; it just doesn't make sense.

See the earlier post - what I'm referring to here is more along the lines of
stateless packet filters on upstream routers which can be triggered via
Flowspec or similar mechanisms...  I'm not disagreeing with you here on the
other points and largely concur.

Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D




