Any firewall/router that supports ratelimiting should suffice for most DDoS mitigation tactics.  A program called snort (layer 7 content filtering) should take care of
most of your IDS needs as well.  


"Drew Weaver" <drew.weaver@thenap.com>
Sent by: owner-nanog@merit.edu

05/25/2005 10:45 AM

To
<nanog@merit.edu>
cc
Subject
IDS/DDOS prevention hardware that doesnt cost $80,000+?





            I’m wondering if there is such an animal out there? All of the ones I have seen are made for the multi-gigabit service provider there aren’t any for the smaller mid-rangers out there. Can anyone suggest anything that we can put in place? The attacks we’re seeing are just a huge influx of PPS not so much the amount of bandwidth.
 
Offlist to keep chatter low is fine with me.
 
Sorry to be a bother,
 
-D