DDoS appliances reviews needed
hi ramy
On 08/26/15 at 12:54pm, Aftab Siddiqui wrote:
>
> > Anybody here has experienced a PoC for any anti DDoS appliance, or already
> > using an anti DDoS appliance in production and able to share his user
> > experience/review?
> >
>
> only interested in appliance? why not scrubbing services? is it for own use
> (industry reviews before purchase) or some article/publication/research?
see previous similar thread for some "real world reviews by folks"
http://mailman.nanog.org/pipermail/nanog/2015-April/074410.html
i think a "benchmarking ddos lab" would be fun to build and publish findings..
to test all the ddos appliances from those competitors willing to participate
---
for your "reviewing" or collecting info from folks ..
- what's your metrics that is important to you ?
- what (ddos) problems are you trying to resolve ?
- do you want to see the ddos attacks in progress and how you're being attacked
http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl
- do you want 100% automated ddos defense with zero false positives :-)
my $0.02 ddos experiences n summary over the years, aka mitigation in production use ...
usually, arp-based ddos attacks require fixing your infrastructure,
a ddos appliance may not help you
usually, udp and icmp ddos attacks can only be resolved by the ISP or scrubbing centers
- if you limit udp/icmp at your appliance, the damage is already done,
since those packets used your bandwidth, cpu, memory, diskspace and your time
spoof'd source addresses can only be resolved by having the ISP preventing outgoing
spoofed address ( fix egress filters ) at their edge routers
my requirement: all tcp-based ddos attacks must be tarpit'd ... ddos attacks
are now 1% of its peak a few years ago where "firefox google.com" wouldn't come up
- you must be able to distinguish legit tcp traffic from ddos attacks
which is ez if you build/install/configure the servers properly
i want the attacking zombies and script kiddies to pay a penalty for
attacking my customer's servers
to sustain a 100,000 tcp packets attack requires lots of kernel memory
( 100,000 packets * 1500 byte/packet * 120 seconds ) for 2minute tcp timeouts
there are 65,535 tcp they could be attacking ... imho, an ssh-based solution
or apache-based solution would be useless ... add another 65,535 udp ports
always keep your servers up to date ... patch your OS, apps, etc, etc
volumetric attacks can only be resolved by (expensive) ddos scrubbers or installing
your own geographically separated colo in usa, europe, asia like the scrubbers ...
if you are a high profile target, the ddos attackers probably have more bandwidth than
you could afford and the ddos attacks will probably make the evening news
magic pixie dust
alvin
# DDoS-Mitigator.net/Competitors
# DDoS-Mitigator.net/InHouse-vs-Cloud
# DDoS-Simulator.net
#
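Added example (editor's code, not alvin's and not from any product he lists): a small defender-side check for the "you must be able to distinguish legit tcp traffic from ddos attacks" point in the post. It parses constructed `ss -tan`-style lines, counts half-open (SYN-RECV) connections per peer address, and flags peers above an assumed threshold; it also carries the post's kernel-memory estimate (100,000 packets * 1500 byte/packet * 120 seconds) through as a function so the figure can be recomputed for other rates and timeouts. The sample lines, the `threshold` value and the interpretation of 100,000 as a per-second packet rate are assumptions made for this example.

```python
"""
Added example, not part of the original post: count half-open TCP
connections per source from ss-style output and flag likely SYN-flood
sources, plus the post's tarpit kernel-memory estimate as a function.
All input below is constructed sample data, not a real capture.
"""
from collections import Counter

# Constructed sample of `ss -tan` style lines (State Recv-Q Send-Q Local Peer).
# 203.0.113.5 (a documentation address) holds four half-open connections.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      192.0.2.10:443      198.51.100.7:52311
SYN-RECV   0      0      192.0.2.10:443      203.0.113.5:40001
SYN-RECV   0      0      192.0.2.10:443      203.0.113.5:40002
SYN-RECV   0      0      192.0.2.10:443      203.0.113.5:40003
SYN-RECV   0      0      192.0.2.10:443      203.0.113.5:40004
ESTAB      0      0      192.0.2.10:443      198.51.100.9:33120
SYN-RECV   0      0      192.0.2.10:22       198.51.100.9:33121
"""


def parse_ss_lines(text):
    """Yield (state, peer_ip) tuples from ss-style output, skipping the header."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":
            continue
        state, peer = parts[0], parts[4]
        # rsplit on the last ':' so bracketed IPv6 literals keep their colons
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, peer_ip


def half_open_by_source(text):
    """Count SYN-RECV (half-open) connections per peer IP."""
    counts = Counter()
    for state, ip in parse_ss_lines(text):
        if state == "SYN-RECV":
            counts[ip] += 1
    return counts


def suspicious_sources(text, threshold=3):
    """Peers holding more than `threshold` half-open connections at once.
    `threshold` is an assumed tuning knob: a legit client rarely keeps many
    handshakes pending, while a flood source leaves them unfinished."""
    counts = half_open_by_source(text)
    return sorted(ip for ip, n in counts.items() if n > threshold)


def tarpit_memory_bytes(packets_per_second, bytes_per_packet=1500, timeout_s=120):
    """Kernel memory needed to hold `packets_per_second` worth of packets for
    `timeout_s`, i.e. the post's 100,000 * 1500 * 120 estimate generalized.
    Treating 100,000 as a per-second rate is this example's assumption."""
    return packets_per_second * bytes_per_packet * timeout_s


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_SS_OUTPUT))
    print("suspicious:", suspicious_sources(SAMPLE_SS_OUTPUT))
    gib = tarpit_memory_bytes(100_000) / 2**30
    print(f"tarpit budget for the post's figure: {gib:.1f} GiB")
```

On a live host the same functions can be fed the output of `ss -tan`; the per-source count is what you would graph or alert on, and the memory function is the sanity check before committing to a tarpit-everything policy on a box with limited RAM.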