PoC for shortlisted DDoS Vendors
mkamal at noor.net
Thu Apr 2 15:13:07 UTC 2015
I'm certainly biased to the open-source tools if they do the job
required, and I appreciate your effort exerted on this project. However,
based upon what I saw under the "features" list of your tool, I assume
that it can detect only volumetric DDoS attacks based upon anomalies
such as excessive number of packets/bits/connections/flows per second
based upon some previously learnt or set threshold values.
But what about the protocol types of attack, which, in my humble opinion
is becoming more aggressive day after day?
Core Network Sr. Engineer
On 4/2/2015 5:03 PM, Pavel Odintsov wrote:
> What about open source alternatives? Main part of commercial ddos
> filters are simple high performace firewalls with detection logic
> (which much times more stupid than well trained network engineer).
> But attacks for ISP is not arrived so iften and detection part coukd
> be executed manually (or with oss tools like netflow analyzers or my
> own FastNetMon toolkit).
> For wire speed filtration on 10ge (and even more if you have modern
> cpu; up to 40ge) you could use netmap-ipfw with linux or freebsd with
> simple patches (for enabling multy process mode).
> On Thursday, April 2, 2015, dennis at justipit.com
> <mailto:dennis at justipit.com> <dennis at justipit.com
> <mailto:dennis at justipit.com>> wrote:
> You should include Radware on that list .
> ----- Reply message -----
> Subject: PoC for shortlisted DDoS Vendors
> Date: Wed, Apr 1, 2015 9:51 AM
> In our effort to pick up a reasonably priced DDoS appliance with a
> competitive features, we're in a process of doing a PoC for the
> following shortlisted vendors:
> 1- RioRey
> 2- NSFocus
> 3- Arbor
> 4- A10
> The setup will be inline. So it would be great if anyone have done
> before and can help provide the appropriate tools, advices, or the
> testing documents for efficient PoC.
> Mohamed Kamal
> Core Network Sr. Engineer
> Sincerely yours, Pavel Odintsov
More information about the NANOG