Not necessarily an appliance, per se. But a "solution". :) A solution preferably that integrates with NetFlow and RTBH. An in-line solution obviously requires an appliance, or at least special/additional hardware. A software-only solution that sucks in NetFlow data and can speak BGP to inject /32 routes is also good. This is essentially what I have right now. With white-listing as a safety-net, I can chose whether traffic should be blocked automatically or punted for human eyes/brains/fingers to be the intelligence. I'm interested in seeing products (including software) that already have the development (anomaly detection, trends/reports, etc.) work done so I can spend my cycles elsewhere. Additional usefulness (not mentioned earlier) would be some form of API or other hook into the system so non-NetFlow input (e.g. syslog) could generate the /32 routes as well. I'm looking at taking the first whack at immediate mitigation at the border/edge (upstream) via uRPF and RTBH. Additional mitigation would be via manual or automatic RTBH or security/abuse@ involvement with upstreams. Thanks, Rick On Mon, Jan 4, 2010 at 8:41 PM, Christopher Morrow <morrowc.lists@gmail.com>wrote:
The original poster seemed to be asking about appliance based solutions, so your pointed remarks about Roland aside he was actually answering the question. I wonder if Stefan Fouant would offer some of his experience with 'not arbor' vendor solutions to be used when other techniques come up short?