Re: DDOS, IDS, RTBH, and Rate limiting
Look at the products from RioRey (www.riorey.com). IMHO I think their technology is much better than some of the other players out here.

On 11/08/2014 07:10 PM, Eric C. Miller wrote:
> Today, we experienced (3) separate DDoS attacks from Eastern Asia, all
> generating > 2Gbps towards a single IP address in our network. All 3 attacks
> targeted different IP addresses with dst UDP 19, and the attacks lasted for
> about 5 minutes and stopped as fast as they started.
>
> Does anyone have any suggestions for mitigating these types of attacks?
>
> A couple of things that we've done already...
>
> We set up BGP communities with our upstreams, and tested that RTBH can be set
> and it does work. However, by the time that we are able to trigger the black
> hole, the attack is almost always over.
>
> For now, we've blocked UDP 19 incoming at our edge, so that if future,
> similar attacks occur, it doesn't affect our internal links.
>
> What I think that I need is an IDS that can watch our edge traffic and
> automatically trigger a black hole advertisement for any internal IP
> beginning to receive > 100Mbps of traffic. A few searches are initially
> coming up dry...
>
> Eric Miller, CCNP
> Network Engineering Consultant
> (407) 257-5115

--
Joe Chisolm
Computer Translations, Inc.
Marble Falls, Tx.
830-265-8018
Public Key Available at www.sks-keyservers.net
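
Added example, not part of either message above and not any vendor's code: one way to build the detector the quoted post asks for, a per-destination rate check that emits an RTBH announcement once an internal IP exceeds 100 Mbps. Assumptions: flow records arrive as (timestamp, dst_ip, bytes) tuples, the announcement is written in the style of ExaBGP's text API, and the window, community, next-hop and sample addresses are constructed placeholders.

```python
from collections import defaultdict, deque

THRESHOLD_BPS = 100_000_000        # 100 Mbps trigger quoted in the message
WINDOW_S = 5                       # assumed averaging window (seconds)
COMMUNITY = "65535:666"            # RFC 7999 BLACKHOLE; replace with your upstream's value
NEXT_HOP = "192.0.2.1"             # assumed discard next-hop (documentation address)


class RtbhTrigger:
    """Tracks bytes per destination over a sliding window and fires once per victim."""

    def __init__(self, threshold_bps=THRESHOLD_BPS, window_s=WINDOW_S):
        self.threshold_bps = threshold_bps
        self.window_s = window_s
        self.samples = defaultdict(deque)   # dst -> (timestamp, bytes) records in window
        self.totals = defaultdict(int)      # dst -> sum of bytes in window
        self.blackholed = set()             # destinations already announced

    def observe(self, ts, dst, nbytes):
        """Feed one flow record; return an announce command on first crossing, else None."""
        q = self.samples[dst]
        q.append((ts, nbytes))
        self.totals[dst] += nbytes
        while q and q[0][0] <= ts - self.window_s:   # evict records older than the window
            self.totals[dst] -= q.popleft()[1]
        # Dividing by the full window under-reports a burst that just began,
        # which keeps short benign spikes from tripping the blackhole.
        rate_bps = self.totals[dst] * 8 / self.window_s
        if rate_bps > self.threshold_bps and dst not in self.blackholed:
            self.blackholed.add(dst)
            return f"announce route {dst}/32 next-hop {NEXT_HOP} community [{COMMUNITY}]"
        return None


def run(records):
    """Replay (timestamp, dst_ip, bytes) records; return the commands that would be sent."""
    trigger = RtbhTrigger()
    return [cmd for rec in records if (cmd := trigger.observe(*rec))]


# Constructed sample: 10 s of ~8 Mbps background, then a 2 Gbps burst at t=10 s.
SAMPLE = [(float(t), "198.51.100.10", 1_000_000) for t in range(10)]
SAMPLE += [(10 + i / 10, "198.51.100.20", 25_000_000) for i in range(20)]

if __name__ == "__main__":
    for line in run(SAMPLE):
        print(line)   # an ExaBGP "process" helper would write this to stdout
```

On the sample the announcement fires on the third burst record, 0.2 s into the attack. The sketch never withdraws the route; a production trigger needs a hold timer and a matching withdraw once the rate drops.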
Re: DDoS appliances reviews needed
Gartner did a report about a year ago. Not free.
https://www.gartner.com/doc/2910217/ddos-comparison-defense-approaches

On 08/26/2015 07:40 AM, Ramy Hashish wrote:

Good day all,

Anybody here has experienced a PoC for any anti DDoS appliance, or already using an anti DDoS appliance in production and able to share his user experience/review?

We need to collect good reviews from people who got their hands dirty with the configuration/attack mitigation, real experience.

Thanks,
Ramy

--
Joe Chisolm
Computer Translations, Inc.
Network and Datacenter Consulting
Marble Falls, Tx.
830-265-8018
Public Key Available at www.sks-keyservers.net
Re: Charter DDOS scrubbing.
One option is to do it yourself. Contact some of the DDoS vendors. I know RioRey (www.riorey.com) has mb, gb and 10g+ products and a scrubbing center.

On 03/18/2016 03:34 PM, Ethan E. Dee wrote:

Globalvision is an ISP in Greenville, SC. We are currently peering with two other ISPs. We have a gig link with Charter and are getting hammered quite hard with a full gig and more of DDoS on SIP, DNS, NTP, and other random UDP traffic.

A lot of folks have said that Charter will do DDoS scrubbing. Charter, however, is telling me they absolutely cannot offer this service.

Does anyone have any info on contacting Charter or who to bug about this to get it in the works? Or does anyone know for certain that there's no reason to even ask?

--
Joe Chisolm
Computer Translations, Inc.
Marble Falls, Tx.
Re: PoC for shortlisted DDoS Vendors
I have recommended RioRey to our clients. There have been no, or only minor, issues with any of the testing, mismatch with optics and that was a client issue.

The RioRey box can be set in full bypass, monitor, or mitigation. You can install in bypass mode first to make sure everything is wired up correctly, then switch on monitor mode and see how it is doing. When your comfort level increases you can turn on full mitigation mode.

Full disclosure: I did work for RioRey years back, but for our clients we always try to recommend what works best for the client.

On 04/01/2015 11:51 AM, Mohamed Kamal wrote:
> In our effort to pick up a reasonably priced DDoS appliance with
> competitive features, we're in a process of doing a PoC for the
> following shortlisted vendors:
>
> 1- RioRey
> 2- NSFocus
> 3- Arbor
> 4- A10
>
> The setup will be inline. So it would be great if anyone has done this
> before and can help provide the appropriate tools, advice, or the
> testing documents for efficient PoC.
>
> Thanks.
>

--
Joe Chisolm
Computer Translations, Inc.
Network and Datacenter Consulting
Marble Falls, Tx.