Recommended DDoS mitigation appliance?
Mike
mike-nanog at tiedyenetworks.com
Wed Jan 29 22:38:30 UTC 2020
I had intended to use the paid version once the 'free trial' proved to
work, but for the previously mentioned reasons it did not and I gave up.
Would still love to have this style of solution in my network and still
open to other solutions, just haven't really found anything else.
On 1/28/20 2:46 PM, Colton Conor wrote:
> Mike,
>
> What did you end up going with if not fastnetmon? Were you using
> their paid or free version?
>
> On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-nanog at tiedyenetworks.com> wrote:
>
>
> On 12/5/19 1:43 PM, Hugo Slabbert wrote:
> >> FastNetMon is awesome, but it's a detection tool with no mitigation
> >> capacity whatsoever.
> >
> > Does it not, though, provide the ability to hook into RTBH or Flowspec
> > setups?
> >
>
> Yes it does provide RTBH hook.
>
> I evaluated fastnetmon using exactly the 'quick setup' and found it to
> have some serious problems with false alarms and statistical anomalies,
> at least when using pure netflow data (did not try sampled mode). Hosts
> that were not in fact receiving >100mbps traffic (a traffic level I
> predetermined as 'attack' for a given network segment), would
> occasionally get flagged as such (and rtbh activated), while 2 real
> attacks that came during the testing period (60 days for me) went
> completely unnoticed. Support seemed to concede that sampled mode is
> really the only accurate method, and which by this time I'd expended all
> my interest. Great concept, cool integration, just not ready for
> prime time.
>
>
> Mike-
>