DDOS solution recommendation

Ammar Zuberi ammar at fastreturn.net
Sun Jan 11 04:50:01 UTC 2015

I'd beg to differ on this one. The average attacks we're seeing are double that, around the 30-40g mark. Since NTP and SSDP amplification began, we've been seeing all kinds of large attacks.

Obviously, these can easily be blocked upstream to your network. Hibernia Networks blocks them for us.


> On 11 Jan 2015, at 8:37 am, Paul S. <contact at winterei.se> wrote:
> While it indeed is true that attacks up to 600 gbit/s (If OVH and CloudFlare's data is to be believed) have been known to happen in the wild, it's very unlikely that you need to mitigate anything close.
> The average attack is usually around the 10g mark (That too barely) -- so even solutions that service up to 20g work alright.
> Obviously, concerns are different if you're an enterprise that's a DDoS magnet -- but for general service providers selling 'protected services,' food for thought.
>> On 1/11/2015 午後 12:48, Damian Menscher wrote:
>>> On Thu, Jan 8, 2015 at 9:01 AM, Manuel Marín <mmg at transtelco.net> wrote:
>>> I was wondering what are are using for DDOS protection in your networks. We
>>> are currently evaluating different options (Arbor, Radware, NSFocus,
>>> RioRey) and I would like to know if someone is using the cloud based
>>> solutions/scrubbing centers like Imperva, Prolexic, etc and what are the
>>> advantages/disadvantages of using a cloud base vs an on-premise solution.
>>> It would be great if you can share your experience on this matter.
>> On-premise solutions are limited by your own bandwidth.  Attacks have been
>> publicly reported at 400Gbps, and are rumored to be even larger.  If you
>> don't have that much network to spare, then packet loss will occur upstream
>> of your mitigation.  Having a good relationship with your network
>> provider(s) can help here, of course.
>> If you go with a cloud-based solution, be wary of their SLA.  I've seen
>> some claim 100% uptime (not believable) but of course no refund/credits for
>> downtime.  Another provider only provides 20Gbps protection, then will
>> null-route the victim.
>>> On Sat, Jan 10, 2015 at 4:19 PM, Charles N Wyble <charles at thefnf.org> wrote:
>>> Also how are folks testing ddos protection? What lab gear,tools,methods
>>> are you using to determine effectiveness of the mitigation.
>> Live-fire is the cheapest approach (just requires some creative trolling)
>> but if you want to control the "off" button, cloud VMs can be tailored to
>> your needs.  There are also legitimate companies that do network stress
>> testing.
>> Keep in mind that you need to test against a variety of attacks, against
>> all components in the critical path.  Attackers aren't particularly
>> methodical, but will still randomly discover any weaknesses you've
>> overlooked.
>> Damian

More information about the NANOG mailing list