
Thank you Alvin, I have just remembered that I wanted to reply to your previous input on Wanguard versus the other vendors in the market; I will reply to this there. I can't get exactly what you are doing, do you have your own mitigation SW? If so I would like to know more about it.
On Wed, Aug 26, 2015 at 8:53 PM, alvin nanog <nanogml@mail.ddos-mitigator.net> wrote:
hi ramy
On 08/26/15 at 12:54pm, Aftab Siddiqui wrote:
Anybody here has experienced a PoC for any anti DDoS appliance, or already using an anti DDoS appliance in production and able to share his user experience/review?
only interested in appliance? why not scrubbing services? is it for own use (industry reviews before purchase) or some article/publication/research?
see previous similar thread for some "real world reviews by folks"
http://mailman.nanog.org/pipermail/nanog/2015-April/074410.html
i think a "benchmarking ddos lab" would be fun to build and publish findings.. to test all the ddos appliances from those competitors willing to participate
---
for your "reviewing" or collecting info from folks .. - what's your metrics that is important to you ?
Our important metrics include, but are not limited to, the following:
- Ability to mitigate all kinds of volumetric DDoS attacks.
- Ability to mitigate application level attacks for at least HTTP, HTTPS, SMTP and DNS.
- Time-to-detect and time-to-mitigate.
- False positives.
- Response time to the management plan.
- Ability to sniff packets for further analysis with the support.
- Granularity of detection thresholds.
- Percentage of DDoS attack leakage.
- Multitenancy (We are an ISP)
- what (ddos) problems are you trying to resolve ?
- Fast to detect/mitigate appliance, no problem to work inline.
- do you want to see the ddos attacks in progress and how you're being attacked http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl
- do you want 100% automated ddos defense with zero false positives :-)
my $0.02 ddos experiences in summary over the years, aka mitigation in production use ...
my requirement: all tcp-based ddos attacks must be tarpit'd ... ddos attacks are now 1% of its peak a few years ago where "firefox google.com" wouldn't come up
- you must be able to distinguish legit tcp traffic from ddos attacks which is ez if you build/install/configure the servers properly
Could you please give more details on this?
i want the attacking zombies and script kiddies to pay a penalty for attacking my customer's servers
Could you please give more details about how to tarpit?