D/DoS mitigation hardware/software needed.
raj.singh at demandmedia.com
Mon Jan 4 21:45:36 UTC 2010
If you pass me your contact info I can forward it to our Arbor Sales guy who can get in touch with you. I been pretty impressed by Arbor so far.
From: Rick Ernst [mailto:nanog at shreddedmail.com]
Sent: Monday, January 04, 2010 1:20 PM
Subject: D/DoS mitigation hardware/software needed.
Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned
several times but they haven't been responsive to literature requests (hint,
if anybody from Arbor is looking...). Our current upstream is 3x GigE from
3 different providers, each landing on their own BGP endpoint feeding a
I see two possible solutions:
- Netflow/sFlow/***Flow feeding a BGP RTBH
- Inline device
Netflow can lag a bit in detection. I'd be concerned that inline devices
add an additional point of failure. I'm worried about both failing-open
(e.g. network outage) and false-positives.
My current system is a home-grown NetFlow parser that spits out syslog to
our NOC to investigate potential attacks and manually enter them into our
Any suggestions other than Arbor? Any other mechanisms being used? My idea
is to quash the immediate problem and work additional mitigation with
upstreams if needed.
I could probably add some automation to my NetFlow/RTBH setup, but I still
need to worry about false-positives. I'd rather somebody else do the hard
work of finding the various edge-cases.
More information about the NANOG