D/DoS mitigation hardware/software needed.
Rick Ernst
nanog at shreddedmail.com
Tue Jan 5 05:05:53 UTC 2010
Not necessarily an appliance, per se. But a "solution". :)
A solution preferably that integrates with NetFlow and RTBH. An in-line
solution obviously requires an appliance, or at least special/additional
hardware.
A software-only solution that sucks in NetFlow data and can speak BGP to
inject /32 routes is also good. This is essentially what I have right now.
With white-listing as a safety-net, I can chose whether traffic should be
blocked automatically or punted for human eyes/brains/fingers to be the
intelligence.
I'm interested in seeing products (including software) that already have the
development (anomaly detection, trends/reports, etc.) work done so I can
spend my cycles elsewhere.
Additional usefulness (not mentioned earlier) would be some form of API or
other hook into the system so non-NetFlow input (e.g. syslog) could generate
the /32 routes as well.
I'm looking at taking the first whack at immediate mitigation at the
border/edge (upstream) via uRPF and RTBH. Additional mitigation would be
via manual or automatic RTBH or security/[email protected] involvement with upstreams.
Thanks,
Rick
On Mon, Jan 4, 2010 at 8:41 PM, Christopher Morrow
<morrowc.lists at gmail.com>wrote:
> The original poster seemed to be asking about appliance based
> solutions, so your pointed remarks about Roland aside he was actually
> answering the question. I wonder if Stefan Fouant would offer some of
> his experience with 'not arbor' vendor solutions to be used when other
> techniques come up short?
>
More information about the NANOG
mailing list