Recommended DDoS mitigation appliance?

Mike mike-nanog at tiedyenetworks.com
Thu Dec 5 22:44:05 UTC 2019


On 12/5/19 1:43 PM, Hugo Slabbert wrote:
>> FastNetMon is awesome, but it's a detection tool with no mitigation 
>> capacity whatsoever.
>
> Does it not, though, provide the ability to hook into RTBH or Flowspec 
> setups?
>

Yes, it does provide an RTBH hook.

I evaluated fastnetmon using exactly the 'quick setup' and found it to 
have some serious problems with false alarms and statistical anomalies, 
at least when using pure netflow data (did not try sampled mode).  Hosts 
that were not in fact receiving >100mbps traffic (a traffic level I 
predetermined as 'attack' for a given network segment), would 
occasionally get flagged as such (and rtbh activated), while 2 real 
attacks that came during the testing period (60 days for me) went 
completely unnoticed. Support seemed to concede that sampled mode is 
really the only accurate method, by which time I'd expended all 
my interest. Great concept, cool integration, just not ready for prime time.


Mike-



