D/DoS mitigation hardware/software needed.

• Previous message (by thread): D/DoS mitigation hardware/software needed.
• Next message (by thread): D/DoS mitigation hardware/software needed.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

With these safeguards in place - and with flow devices being part of
the mix somewhere .. what you propose is quite reasonable.

There's still the question of whether an application that receives a
lot of new / untrusted traffic - a mail or web server - would benefit
from having a stateful firewall in front .. Roland seems to think not.

--srs

On Tue, Jan 5, 2010 at 9:35 AM, Jeffrey Lyon
<jeffrey.lyon at blacklotus.net> wrote:
> 1. We have multiple nodes conducting DDoS scrubbing, one failing would not
> be catastrophic.
>
> 2.  Indeed.
>
> 3.  Sort of, such devices are downstream for extremely valid reasons I won't
> get into now.
>
> 4. Indeed, were equipped to handle substantially higher than 150kpps.
>
> I'm sure Arbor is really neat but I disagree that any DDoS appliance is a
> standalone solution. I don't expect an employee of the vendor themselves to
> attest to this though.



-- 
Suresh Ramasubramanian (ops.lists at gmail.com)

• Previous message (by thread): D/DoS mitigation hardware/software needed.
• Next message (by thread): D/DoS mitigation hardware/software needed.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]