PoC for shortlisted DDoS Vendors

John Kristoff jtk at cymru.com
Thu Apr 2 15:10:13 UTC 2015


On Wed, 01 Apr 2015 19:51:54 +0300
Mohamed Kamal <mkamal at noor.net> wrote:

> The setup will be inline. So it would be great if anyone have done
> this before and can help provide the appropriate tools, advices, or
> the testing documents for efficient PoC.

Hi Mohamed,

We recently introduced a community RTBH service called UTRS that might
be a useful tool in your toolbox.  Automated route relay went into
effect not long ago and it seems to be working well.  It isn't
equivalent to any of the vendors you listed, but complimentary (and
completely free :-) so I hope you don't mind me mentioning it. You can
find more about it here:

  <https://www.cymru.com/jtk/misc/utrs.html>

As for other tools...

NfSen may be an open source option you want to consider.  It can be
extended with plugins you or others provide:

  <http://nfsen.sourceforge.net/>

Team Cymru has leveraged that with a set of plug-ins based on our
insight for your network.  If you want to talk to us about it, see:

  <https://www.team-cymru.org/Flow-Sonar.html>

You might also check out:

  <https://github.com/FastVPSEestiOu/fastnetmon>
  <https://bitbucket.org/tortoiselabs/ddosmon>
  <http://sourceforge.net/projects/panoptis/>

Cisco has, or had the Cisco Guard family of products, formerly based on
the Riverhead acquisition, but that platform was end-of-sale some time
ago and is effectively dead.  They (and some other hardware vendors)
have since begun to license Arbor into their gear.

John



More information about the NANOG mailing list