If you want to recreate D/DoS from captures (for testing purposes) you might want to check out:
http://www.pcapr.net/dos

This lets you validate how your mitigation solutions are holding up.

K.

On Mon, Jan 4, 2010 at 1:19 PM, Rick Ernst <na...@shreddedmail.com> wrote:
> Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned
> several times but they haven't been responsive to literature requests (hint,
> if anybody from Arbor is looking...). Our current upstream is 3x GigE from
> 3 different providers, each landing on their own BGP endpoint feeding a
> route-reflector core.
>
> I see two possible solutions:
> - NetFlow/sFlow/***Flow feeding a BGP RTBH
> - Inline device
>
> NetFlow can lag a bit in detection. I'd be concerned that inline devices
> add an additional point of failure. I'm worried about both failing open
> (e.g. network outage) and false positives.
>
> My current system is a home-grown NetFlow parser that spits out syslog to
> our NOC to investigate potential attacks and manually enter them into our
> RTBH.
>
> Any suggestions other than Arbor? Any other mechanisms being used? My idea
> is to quash the immediate problem and work additional mitigation with
> upstreams if needed.
>
> I could probably add some automation to my NetFlow/RTBH setup, but I still
> need to worry about false positives. I'd rather somebody else do the hard
> work of finding the various edge-cases.
>
> Thanks,
> Rick
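The NetFlow-to-RTBH automation Rick describes, with the false-positive guards a practitioner would bolt on before letting it inject routes unattended, as an added example that is not part of this thread. It is standalone Python, not anyone's production code: the flow records, thresholds, window size, the "never blackhole" prefix list, the discard next-hop 192.0.2.1 and the ExaBGP-style `announce route` line it emits are all constructed or assumed for illustration (the only real constant is the BLACKHOLE community 65535:666 from RFC 7999). Three guards keep a single fat legitimate transfer, a one-window spike, and a protected host out of the RTBH: a distinct-source floor, a consecutive-window requirement, and an allowlist.

```python
"""Toy NetFlow -> RTBH candidate selector (added example, not from the thread).

Assumes flow records are already decoded into Flow objects; a real collector
would feed these from NetFlow v5/v9 or sFlow. All thresholds and addresses
below are hypothetical.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

WINDOW_SECONDS = 10             # aggregation bucket (assumed)
PPS_THRESHOLD = 50_000          # packets/s toward one destination (assumed)
BPS_THRESHOLD = 400_000_000     # bits/s toward one destination (assumed)
MIN_SOURCES = 50                # distinct sources needed: one big flow is not a DDoS
MIN_CONSECUTIVE = 2             # windows over threshold before acting (hysteresis)
NEVER_BLACKHOLE = [ip_network("198.51.100.0/28")]  # hypothetical NOC / DNS hosts
RTBH_NEXT_HOP = "192.0.2.1"     # hypothetical discard next-hop on the trigger router
BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 BLACKHOLE


@dataclass
class Flow:
    ts: int        # epoch seconds at flow end
    src: str
    dst: str
    packets: int
    octets: int


def aggregate(flows):
    """Return {(window_start, dst): [packets, octets, {sources}]}."""
    buckets = defaultdict(lambda: [0, 0, set()])
    for f in flows:
        b = buckets[(f.ts - f.ts % WINDOW_SECONDS, f.dst)]
        b[0] += f.packets
        b[1] += f.octets
        b[2].add(f.src)
    return buckets


def over_threshold(packets, octets, sources):
    """Rate check plus the distinct-source floor (first false-positive guard)."""
    pps = packets / WINDOW_SECONDS
    bps = octets * 8 / WINDOW_SECONDS
    return (pps >= PPS_THRESHOLD or bps >= BPS_THRESHOLD) and len(sources) >= MIN_SOURCES


def is_protected(dst):
    """Allowlist check (third guard): never blackhole our own critical hosts."""
    addr = ip_address(dst)
    return any(addr in net for net in NEVER_BLACKHOLE)


def rtbh_candidates(flows):
    """Destinations over threshold in MIN_CONSECUTIVE adjacent windows, not protected."""
    hot_windows = defaultdict(list)  # dst -> window starts that were over threshold
    for (win, dst), (pk, oc, srcs) in aggregate(flows).items():
        if over_threshold(pk, oc, srcs):
            hot_windows[dst].append(win)
    candidates = []
    for dst, wins in hot_windows.items():
        wins.sort()
        run = 1  # second guard: require a sustained run of adjacent hot windows
        for a, b in zip(wins, wins[1:]):
            run = run + 1 if b - a == WINDOW_SECONDS else 1
            if run >= MIN_CONSECUTIVE:
                break
        if run >= MIN_CONSECUTIVE and not is_protected(dst):
            candidates.append(dst)
    return sorted(candidates)


def rtbh_announcement(dst):
    """ExaBGP-style announce line for a /32 blackhole (syntax shown as illustration)."""
    return f"announce route {dst}/32 next-hop {RTBH_NEXT_HOP} community [{BLACKHOLE_COMMUNITY}]"


def _burst(dst, n_sources, windows, packets=5000, octets=300_000):
    """Constructed sample flows: n_sources sources hitting dst in each listed window."""
    return [Flow(ts=w + (i % WINDOW_SECONDS), src=f"100.64.0.{i % 256}", dst=dst,
                 packets=packets, octets=octets)
            for w in windows for i in range(n_sources)]


# Constructed sample input (not captured data).
SAMPLE_FLOWS = (
    _burst("203.0.113.10", 200, [1000, 1010])                                    # sustained flood
    + _burst("203.0.113.20", 1, [1000, 1010], packets=1000, octets=1_000_000_000)  # one fat legit transfer
    + _burst("203.0.113.30", 200, [1000])                                        # single-window spike
    + _burst("198.51.100.5", 200, [1000, 1010])                                  # flood at a protected host
)

if __name__ == "__main__":
    for victim in rtbh_candidates(SAMPLE_FLOWS):
        print(rtbh_announcement(victim))
```

Only 203.0.113.10 comes out: the 800 Mbit/s transfer from one source fails the distinct-source floor, the spike fails the consecutive-window check, and the protected host is filtered by the allowlist. In practice you would also rate-limit how many /32s the script may inject per hour and have it withdraw routes once the windows go quiet, so a stale blackhole does not outlive the attack.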