On 8 Feb 2015, at 23:00, BPNoC Group wrote:
Mr Dobbins' slides/presentation gives an idea that a proxy (waf, whatever) fits sitting unprotected among routers and application servers, while its also stateful and fragile enough to deserve previous protection.
from p.16 of the presentation in question: 'If stateful firewalls cannot be immediately removed from the architecture, they must be protected against DDoS via S/RTBH, flowspec, IDMS, et. al., just like servers!' from p.19 of the presentation in question: 'Load-balancers must be protected against DDoS - stateless ACLs for policy enforcement, S/RTBH, flowspec, IDMS, and so forth.' from p.28 of the presentation in question: 'Reverse-proxy farms must be protected from DDoS via S/RTBH, flowspec, IDMS, et. al.' ----------------------------------- Roland Dobbins <rdobbins@arbor.net>