DDoS protection: Corero
- Subject: DDoS protection: Corero
- From: nanogml at Mail.DDoS-Mitigator.net (alvin nanog)
- Date: Thu, 12 May 2016 08:44:18 -0700
- In-reply-to: <[email protected]>
- References: <[email protected]>
hi
On 05/12/16 at 01:21pm, Ragnar Sigurðsson Joensen wrote:
> Quick question. Is there anyone on this list using Corero for DDoS protection? If so I'd much appreciate an off-list review of it. Thanks in advance.
hummm ... just some generic comments when comparing "DDoS protection"
one DDoS solution is NOT necessarily a cost-effective mitigation
against all the various types of DDoS attacks
various types of attacks:
- tcp-based DDoS attacks on any port are best mitigated with
  iptables + tarpits ( in-house appliance could handle up to 100gig/sec )
  the attacking zombie bots should crash long before they can
  affect your servers
  ( 100,000 ddos packet/sec * 2Kbyte/packet * 120sec tcp timeouts )
- udp-based DDoS attacks are best mitigated by confirming that
  your DNS server/app, NTP server/app, SNMP server/app, NFS, X11,
  etc, etc are properly patched and hardened
  your ISP will most likely have to be involved to mitigate
  incoming UDP and ICMP based attacks using various methods
  like flow analysis/collection/mediation, rtbh, bgp, etc
#
# if you like the idea of just "drop the packet" or "limit it",
# then, it's too late as you have already received the DDoS packets
# and the damage is done ...
#
- volumetric attacks ( say over 10gigabit/s ) probably will
  require various data-centers spread across the oceans
  or use the cloud ...
- you will need a security policy ( infrastructure policy )
  to define "legitimate traffic" and possibly incoming DDoS attacks
  simple minded rule:
  web servers should only run "apache/etc", all packets to the
  65,534 ports are attacks
  mail servers should only run "sendmail/etc", all packets to
  the other 65,534 ports are attacks
- DDoS attacks consisting of silly spam, viruses, worms should be
  non-issues and imho, are easily mitigated w/ dozens of different
  foss tools and "company/computer/infrastructure policy"
magic pixie dust
alvin
#
# http://DDoS-Mitigator.net ..... http://DDoS-Simulator.net ....
#
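
The "simple minded rule" from the message above, as an added example that is not part of the original post: a per-role port policy applied to packet log lines to separate legitimate traffic from off-policy traffic. The addresses, role names, port sets and function names are assumptions made for illustration, and the sample lines are constructed in the netfilter LOG format.

```python
import re
from collections import Counter

# Assumed policy: server role -> (protocol, port) pairs that count as legitimate.
POLICY = {
    "web":  {("TCP", 80), ("TCP", 443)},
    "mail": {("TCP", 25)},
}
# Assumed inventory: destination address -> role (documentation-range IPs).
ROLES = {"192.0.2.10": "web", "192.0.2.25": "mail"}

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def classify(line):
    """Return (src, dst, proto, dport, verdict) for one LOG line, or None."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO"} <= f.keys():
        return None  # not a packet log line
    dport = int(f["DPT"]) if "DPT" in f else None  # e.g. ICMP carries no DPT
    role = ROLES.get(f["DST"])
    if role is None:
        verdict = "unknown-host"   # no policy defined for this destination
    elif (f["PROTO"], dport) in POLICY[role]:
        verdict = "legitimate"
    else:
        verdict = "off-policy"     # any other port on a known server
    return f["SRC"], f["DST"], f["PROTO"], dport, verdict

def off_policy_sources(lines):
    """Count off-policy packets per source address."""
    hits = Counter()
    for line in lines:
        r = classify(line)
        if r and r[4] == "off-policy":
            hits[r[0]] += 1
    return hits

# Constructed sample lines (not real traffic).
SAMPLE = [
    "IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51514 DPT=443 SYN",
    "IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40022 DPT=23 SYN",
    "IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.25 LEN=60 PROTO=TCP SPT=40023 DPT=80 SYN",
    "IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.25 LEN=60 PROTO=TCP SPT=51600 DPT=25 SYN",
    "IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=76 PROTO=UDP SPT=123 DPT=123",
]

if __name__ == "__main__":
    for src, n in off_policy_sources(SAMPLE).most_common():
        print(src, n)
```

The per-source counts are the kind of input a tarpit or block list would be built from; the policy table is the part that has to come from the site's own infrastructure policy.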