![](https://secure.gravatar.com/avatar/ae840bc52bef3ac4c62b4424cff65c9c.jpg?s=120&d=mm&r=g)
-----Original Message----- From: Carlos Kamtha [mailto:kamtha@ak-labs.net] Sent: Thursday, January 31, 2013 13:53 To: Piotr Cc: nanog@nanog.org Subject: Re: box against dos/ddos
Arbour Peakflow is probably the way to go.
However if you don't want to spend a ton of money, you might want to consider using a stub router +bgp coupled with a server running the appropriate SNMP tools (perhaps cacti) to publish your desired data.
It's not the most convenient solution but it should do..
Cheers.
-CK
On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
Hi,
I looking some box (vendor, model), which i can put out of the main/product network, which can analyze packets netflow,sflow,syslog from bgp router(s) and after discover some anomaly it can do some action, for example:
- Box have bgp session with bgp router and advertise attacked ip prefix with some community. Bgp router set next-hop for this prefix to /dev/null
Normal traffic via bgp router is about 1G/s in and 10G/s out
What is worth of looking and what you suggest ?
thanks for help, Piotr
Most larger ISPs offer this as a service that you can add on with existing contracts. They usually guarantee up to a certain bandwidth level what they will provide as "clean pipe service". Be advised most ISPs are only able to scrub to L3, anything higher and you have to start looking at Verisign, Prolexic or similar and/or something in house. Especially for SSL based attacks. Thanks. Justin