Recommended DDoS mitigation appliance?

Dmitry Sherman dmitry at interhost.net
Thu Jan 30 03:39:40 UTC 2020


Check out Wanguard

--
Dmitry Sherman

From: NANOG <nanog-bounces at nanog.org> on behalf of Colton Conor <colton.conor at gmail.com>
Date: Wednesday, 29 January 2020 at 0:47
To: Mike <mike-nanog at tiedyenetworks.com>
Cc: NANOG <nanog at nanog.org>
Subject: Re: Recommended DDoS mitigation appliance?

Mike,

What did you end up going with if not fastnetmon? Were you using their paid or free version?

On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-nanog at tiedyenetworks.com> wrote:

On 12/5/19 1:43 PM, Hugo Slabbert wrote:
>> FastNetMon is awesome, but it's a detection tool with no mitigation
>> capacity whatsoever.
>
> Does it not, though, provide the ability to hook into RTBH or Flowspec
> setups?
>

Yes, it does provide an RTBH hook.

I evaluated fastnetmon using exactly the 'quick setup' and found it to
have some serious problems with false alarms and statistical anomalies,
at least when using pure netflow data (did not try sampled mode).  Hosts
that were not in fact receiving >100mbps traffic (a traffic level I
predetermined as 'attack' for a given network segment), would
occasionally get flagged as such (and rtbh activated), while 2 real
attacks that came during the testing period (60 days for me) went
completely unnoticed. Support seemed to concede that sampled mode is
really the only accurate method, by which time I'd expended all
my interest. Great concept, cool integration, just not ready for prime time.


Mike-