Thank you, Alvin. I have just remembered that I wanted to reply to your previous input on Wanguard versus the other vendors in the market; I will reply to this there.
I can't get exactly what you are doing. Do you have your own mitigation SW? If so, I would like to know more about it.

On Wed, Aug 26, 2015 at 8:53 PM, alvin nanog <nano...@mail.ddos-mitigator.net> wrote:

> hi ramy
>
> On 08/26/15 at 12:54pm, Aftab Siddiqui wrote:
> > > Anybody here has experienced a PoC for any anti DDoS appliance, or already
> > > using an anti DDoS appliance in production and able to share his user
> > > experience/review?
> >
> > only interested in appliance? why not scrubbing services? is it for own use
> > (industry reviews before purchase) or some article/publication/research?
>
> see previous similar thread for some "real world reviews by folks"
>
> http://mailman.nanog.org/pipermail/nanog/2015-April/074410.html
>
> i think a "benchmarking ddos lab" would be fun to build and publish findings..
> to test all the ddos appliances from those competitors willing to participate
>
> ---
>
> for your "reviewing" or collecting info from folks ..
> - what's your metrics that is important to you ?

Our important metrics include, but are not limited to, the following:
- Ability to mitigate all kinds of volumetric DDoS attacks.
- Ability to mitigate application level attacks for at least HTTP, HTTPS, SMTP and DNS.
- Time-to-detect and time-to-mitigate.
- False positives.
- Response time to the management plan.
- Ability to sniff packets for further analysis with the support.
- Granularity of detection thresholds.
- Percentage of DDoS attack leakage.
- Multitenancy (We are an ISP)

> - what (ddos) problems are you trying to resolve ?

- Fast to detect/mitigate appliance, no problem to work inline.

> - do you want to see the ddos attacks in progress and how you're being attacked
>   http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl
>
> - do you want 100% automated ddos defense with zero false positives :-)
>
> my $0.02 ddos experiences n summary over the years, aka mitigation in
> production use ...
>
> my requirement: all tcp-based ddos attacks must be tarpit'd ... ddos attacks
> are now 1% of its peak a few years ago where "firefox google.com"
> wouldn't come up
>
> - you must be able to distinguish legit tcp traffic from ddos attacks
>   which is ez if you build/install/configure the servers properly

Could you please give more details on this?

> i want the attacking zombies and script kiddies to pay a penalty for
> attacking my customer's servers

Could you please give more details about how to tarpit?