Recommended DDoS mitigation appliance?

Colton Conor colton.conor at gmail.com
Tue Jan 28 22:46:31 UTC 2020


Mike,

What did you end up going with if not fastnetmon? Were you using their paid
or free version?

On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-nanog at tiedyenetworks.com> wrote:

>
> On 12/5/19 1:43 PM, Hugo Slabbert wrote:
> >> FastNetMon is awesome, but it's a detection tool with no mitigation
> >> capacity whatsoever.
> >
> > Does it not, though, provide the ability to hook into RTBH or Flowspec
> > setups?
> >
>
> Yes, it does provide an RTBH hook.
>
> I evaluated fastnetmon using exactly the 'quick setup' and found it to
> have some serious problems with false alarms and statistical anomalies,
> at least when using pure netflow data (did not try sampled mode).  Hosts
> that were not in fact receiving >100mbps traffic (a traffic level I
> predetermined as 'attack' for a given network segment), would
> occasionally get flagged as such (and rtbh activated), while 2 real
> attacks that came during the testing period (60 days for me) went
> completely unnoticed. Support seemed to concede that sampled mode is
> really the only accurate method, by which time I'd expended all
> my interest. Great concept, cool integration, just not ready for prime
> time.
>
>
> Mike-
>
>