nanog mailing list archives

Re: D/DoS mitigation hardware/software needed.

From: Jeffrey Lyon <jeffrey.lyon () blacklotus net>
Date: Mon, 4 Jan 2010 17:03:27 -0500

Ask them if they'd come down to $10 - 20k for a full featured model
and they might make two sales, although I doubt it unfortunately.

Best regards, Jeff


On Mon, Jan 4, 2010 at 4:59 PM, Rick Ernst <nanog () shreddedmail com> wrote:

Several responses already, and Arbor has poked their head up.

I'm going to start there and keep the other suggestions at-hand.

Thanks,


On Mon, Jan 4, 2010 at 1:19 PM, Rick Ernst <nanog () shreddedmail com> wrote:


Looking for D/DoS mitigation solutions.  I've seen Arbor Networks mentioned
several times but they haven't been responsive to literature requests (hint,
if anybody from Arbor is looking...).  Our current upstream is 3x GigE from
3 different providers, each landing on their own BGP endpoint feeding a
route-reflector core.

I see two possible solutions:
- Netflow/sFlow/***Flow  feeding a BGP RTBH
- Inline device

Netflow can lag a bit in detection.  I'd be concerned that inline devices
add an additional point of failure.  I'm worried about both failing-open
(e.g. network outage) and false-positives.

My current system is a home-grown NetFlow parser that spits out syslog to
our NOC to investigate potential attacks and manually enter them into our
RTBH.


Any suggestions other than Arbor?  Any other mechanisms being used?  My
idea is to quash the immediate problem and work additional mitigation with
upstreams if needed.

I could probably add some automation to my NetFlow/RTBH setup, but I still
need to worry about false-positives. I'd rather somebody else do the hard
work of finding the various edge-cases.

Thanks,
Rick




-- 
Jeffrey Lyon, Leadership Team
jeffrey.lyon () blacklotus net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Follow us on Twitter at http://twitter.com/ddosprotection to find out
about news, promotions, and (gasp!) system outages which are updated
in real time.

Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 -
21 to find out how to "protect your booty."

Current thread:

Re: D/DoS mitigation hardware/software needed., (continued)
- - - Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
    - Re: D/DoS mitigation hardware/software needed. Suresh Ramasubramanian (Jan 04)
    - RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 04)
    - Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
    - RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 04)
    - Re: D/DoS mitigation hardware/software needed. John Kristoff (Jan 05)
    - Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
    - Re: D/DoS mitigation hardware/software needed. Dobbins, Roland (Jan 04)
- RE: D/DoS mitigation hardware/software needed. Raj Singh (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 04)
  - Re: D/DoS mitigation hardware/software needed. Jeffrey Lyon (Jan 04)
- Re: D/DoS mitigation hardware/software needed. kowsik (Jan 04)
- Re: D/DoS mitigation hardware/software needed. Martin Hannigan (Jan 05)
  - Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 05)
  - Re: D/DoS mitigation hardware/software needed. jul (Jan 10)
    - Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 10)
    - RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
    - Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 11)
    - RE: D/DoS mitigation hardware/software needed. Stefan Fouant (Jan 11)
    - Re: D/DoS mitigation hardware/software needed. Rick Ernst (Jan 11)
    - Re: D/DoS mitigation hardware/software needed. Christopher Morrow (Jan 11)

(Thread continues...)