box against dos/ddos

Dixon, Justin Justin.Dixon at BBandT.com
Thu Jan 31 19:12:21 UTC 2013


> -----Original Message-----
> From: Carlos Kamtha [mailto:kamtha at ak-labs.net]
> Sent: Thursday, January 31, 2013 13:53
> To: Piotr
> Cc: nanog at nanog.org
> Subject: Re: box against dos/ddos
> 
> 
> Arbor Peakflow is probably the way to go.
> 
> However, if you don't want to spend a ton of money, you might
> want to consider using a stub router +bgp coupled with a server
> running the appropriate SNMP tools (perhaps cacti) to publish your desired
> data.
> 
> It's not the most convenient solution but it should do..
> 
> Cheers.
> 
> -CK
> 
> On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
> > Hi,
> >
> > I am looking for some box (vendor, model) which I can put out of the
> > main/product network, which can analyze packets netflow, sflow, syslog
> > from BGP router(s) and, after discovering some anomaly, can take some
> > action, for example:
> >
> > - Box has a BGP session with the BGP router and advertises the attacked IP prefix
> > with some community. The BGP router sets next-hop for this prefix to /dev/null
> >
> > Normal traffic via bgp router is about 1G/s in and 10G/s out
> >
> > What is worth looking at and what do you suggest?
> >
> > thanks for help,
> > Piotr




Most larger ISPs offer this as a service that you can add on with existing contracts. They usually guarantee up to a certain bandwidth level what they will provide as "clean pipe service". Be advised most ISPs are only able to scrub to L3; anything higher and you have to start looking at Verisign, Prolexic or similar and/or something in house, especially for SSL-based attacks.

Thanks.
Justin
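
The detect-then-blackhole loop asked about in the quoted message, as an added example that is not part of the original thread or of any vendor's product: it sums sampled flow bytes per destination and emits announce/withdraw lines in the style of ExaBGP's text API. The threshold, the discard next-hop 192.0.2.1, the protected prefix, the sampling rate and the flow records are assumptions constructed for illustration; 65535:666 is the RFC 7999 BLACKHOLE community.

```python
from collections import defaultdict
import ipaddress

BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 well-known BLACKHOLE community
DISCARD_NEXT_HOP = "192.0.2.1"     # assumption: routers hold a static discard route for this
THRESHOLD_BPS = 2_000_000_000      # assumption: per-destination inbound trigger level
PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]  # assumption: our own address space

# Constructed flow records for one 60 s window, sampled 1:1000.
SAMPLE_FLOWS = [
    {"dst": "198.51.100.10", "bytes": 9_000_000},
    {"dst": "198.51.100.10", "bytes": 9_000_000},
    {"dst": "198.51.100.20", "bytes": 1_500_000},
    {"dst": "203.0.113.9", "bytes": 30_000_000},  # not ours: must never be announced
]


def per_dst_bps(flows, window_s, sampling_rate):
    """Sum sampled bytes per destination and scale to bits per second."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["dst"]] += f["bytes"]
    return {dst: b * 8 * sampling_rate / window_s for dst, b in totals.items()}


def decide(flows, active, window_s=60, sampling_rate=1000):
    """Return (commands, new_active) for one window.

    Announce a /32 when a protected destination crosses the threshold;
    withdraw only after it falls below half of it (hysteresis against flapping).
    """
    rates = per_dst_bps(flows, window_s, sampling_rate)
    cmds, now_active = [], set(active)
    for dst, bps in sorted(rates.items()):
        addr = ipaddress.ip_address(dst)
        if not any(addr in net for net in PROTECTED):
            continue  # never blackhole addresses outside our own prefixes
        if bps >= THRESHOLD_BPS and dst not in active:
            cmds.append(f"announce route {dst}/32 next-hop {DISCARD_NEXT_HOP} "
                        f"community [{BLACKHOLE_COMMUNITY}]")
            now_active.add(dst)
    for dst in sorted(active):
        if rates.get(dst, 0) < THRESHOLD_BPS / 2:
            cmds.append(f"withdraw route {dst}/32 next-hop {DISCARD_NEXT_HOP}")
            now_active.discard(dst)
    return cmds, now_active
```

The router side still has to match the community and point the discard next-hop at a null interface; blackholing the /32 drops legitimate traffic to that address as well.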


