DDoS appliances reviews needed

Ramy Hashish ramy.ihashish at gmail.com
Thu Aug 27 05:22:20 UTC 2015


Thank you Alvin, I have just remembered that I wanted to reply to your
previous input on Wanguard versus the other vendors in the market; I will
reply to this there.

I can't get exactly what you are doing, do you have your own mitigation SW?
If so I would like to know more about it.



On Wed, Aug 26, 2015 at 8:53 PM, alvin nanog <
nanogml at mail.ddos-mitigator.net> wrote:

>
> hi ramy
>
> On 08/26/15 at 12:54pm, Aftab Siddiqui wrote:
> >
> > > Anybody here has experienced a PoC for any anti DDoS appliance, or already
> > > using an anti DDoS appliance in production and able to share his user
> > > experience/review?
> > >
> >
> > only interested in appliance? why not scrubbing services? is it for own use
> > (industry reviews before purchase) or some article/publication/research?
>
> see previous similar thread for some "real world reviews by folks"
>
> http://mailman.nanog.org/pipermail/nanog/2015-April/074410.html
>
> i think a "benchmarking ddos lab" would be fun to build and publish findings..
> to test all the ddos appliances from those competitors willing to participate
>
> ---
>
> for your "reviewing" or collecting info from folks ..
> - what's your metrics that is important to you ?
>

Our important metrics include, but are not limited to, the following:

- Ability to mitigate all kinds of volumetric DDoS attacks.
- Ability to mitigate application level attacks for at least HTTP, HTTPS,
SMTP and DNS.
- Time-to-detect and time-to-mitigate.
- False positives.
- Response time to the management plan.
- Ability to sniff packets for further analysis with the support.
- Granularity of detection thresholds.
- Percentage of DDoS attack leakage.
- Multitenancy (We are an ISP)


> - what (ddos) problems are you trying to resolve ?
>

- Fast to detect/mitigate appliance, no problem to work inline.


>
> - do you want to see the ddos attacks in progress and how you're being attacked
>         http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl
>
> - do you want 100% automated ddos defense with zero false positives :-)
>
> my $0.02 ddos experiences in summary over the years, aka mitigation in
> production use ...
>
>
> my requirement: all tcp-based ddos attacks must be tarpit'd ... ddos attacks
> are now 1% of its peak a few years ago where "firefox google.com"
> wouldn't come up
>
>         - you must be able to distinguish legit tcp traffic from ddos attacks
>         which is ez if you build/install/configure the servers properly
>

Could you please give more details on this?


>
>         i want the attacking zombies and script kiddies to pay a penalty for
>         attacking my customer's servers
>


Could you please give more details about how to tarpit?


