Re: ddos attacks

[email protected] dennis at
Thu Dec 19 20:30:08 UTC 2013

Just about every security, network and ADC vendor out there is claiming anti-dos capabilities.  Be careful when going that route and do your own validation.  I suggest looking at Radware and Arbor (both leaders in the market). To successfully mitigate an attack the ideal solutions will weed out the attack and allow legitimate traffic to continue.  Many of the solutions in the commercial market are not much more than rate limiters and are not very forgiving.  Just as important realize while spoofed udp floods are popular they are oftened only the first vector, if successfully mitigated attackers quickly adjust and follow with more complex vectors such as application attacks toward http, ssl, dns query floods, etc.. Remember their goal is to bring you down, , divert your attention while they steal your data or perhaps transfer funds.  They will go to far lengths to achieve their end result.  As you can imagine it's much harder to identify the attack characteristics or for that matter the attacker in these more complex cases.  In summary, I'm a firm believer in a hybrid approach with combination of infrastructure acls, rtbh, qos, URPF, tcp stack hardening, local anti-ddos appliances for application attacks and network floods under link capacity to allow you to stay up while deciding to shift routes into cloud band ability to swing up stream to cloud scrubbing center (in house or third party).

Sent from my Sprint phone.

----- Reply message -----
From: "Paul Ferguson" <fergdawgster at>
To: <nanog at>
Subject: ddos attacks
Date: Thu, Dec 19, 2013 2:35 PM

Hash: SHA1

I'm really surprised no one has mentioned Akamai/Prolexic, especially since
their recent marriage.

If someone has already mentioned it: Apologies.

- - ferg

On 12/19/2013 4:08 AM, Adrian M wrote:

> Hi,
> You can also test WANGUARD, for DDoS detection
> and BGP triggered blackholing.
> On Thu, Dec 19, 2013 at 11:32 AM, Eugeniu Patrascu
> <eugen at>wrote:
>> Hi,
>> You can also take a look at for DDoS
>> protection.
>> Eugeniu
>> On Thu, Dec 19, 2013 at 10:53 AM, Tore Anderson <tore at> wrote:
>>> * James Braunegg
>>>> Of course for any form of Anti DDoS hardware to be functional you
>>>> need to make sure your network can route and pass the traffic so you
>>>> can absorb the bad traffic to give you a chance cleaning the
>>>> traffic.
>>> So in order for an Anti-DDoS appliance to be functional the network
>>> needs to be able to withstand the DDoS on its own. How terribly useful.
>>> Tore

Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8


Paul Ferguson
PGP Public Key ID: 0x63546533

More information about the NANOG mailing list