D/DoS mitigation hardware/software needed.

Jeffrey Lyon jeffrey.lyon at blacklotus.net
Mon Jan 4 22:03:27 UTC 2010


Ask them if they'd come down to $10 - 20k for a full featured model
and they might make two sales, although I doubt it unfortunately.

Best regards, Jeff


On Mon, Jan 4, 2010 at 4:59 PM, Rick Ernst <nanog at shreddedmail.com> wrote:
> Several responses already, and Arbor has poked their head up.
>
> I'm going to start there and keep the other suggestions at-hand.
>
> Thanks,
>
>
> On Mon, Jan 4, 2010 at 1:19 PM, Rick Ernst <nanog at shreddedmail.com> wrote:
>
>>
>> Looking for D/DoS mitigation solutions.  I've seen Arbor Networks mentioned
>> several times but they haven't been responsive to literature requests (hint,
>> if anybody from Arbor is looking...).  Our current upstream is 3x GigE from
>> 3 different providers, each landing on their own BGP endpoint feeding a
>> route-reflector core.
>>
>> I see two possible solutions:
>> - Netflow/sFlow/***Flow  feeding a BGP RTBH
>> - Inline device
>>
>> Netflow can lag a bit in detection.  I'd be concerned that inline devices
>> add an additional point of failure.  I'm worried about both failing-open
>> (e.g. network outage) and false-positives.
>>
>> My current system is a home-grown NetFlow parser that spits out syslog to
>> our NOC to investigate potential attacks and manually enter them into our
>> RTBH.
>>
>>
>> Any suggestions other than Arbor?  Any other mechanisms being used?  My
>> idea is to quash the immediate problem and work additional mitigation with
>> upstreams if needed.
>>
>> I could probably add some automation to my NetFlow/RTBH setup, but I still
>> need to worry about false-positives. I'd rather somebody else do the hard
>> work of finding the various edge-cases.
>>
>> Thanks,
>> Rick
>>
>>
>



-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon at blacklotus.net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Follow us on Twitter at http://twitter.com/ddosprotection to find out
about news, promotions, and (gasp!) system outages which are updated
in real time.

Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
21 to find out how to "protect your booty."




More information about the NANOG mailing list