box against dos/ddos
Hi,

I am looking for some box (vendor, model) which I can put out of the main/product network, which can analyze packets netflow, sflow, syslog from BGP router(s) and, after discovering some anomaly, can do some action, for example:

- The box has a BGP session with the BGP router and advertises the attacked IP prefix with some community. The BGP router sets the next-hop for this prefix to /dev/null.

Normal traffic via the BGP router is about 1G/s in and 10G/s out.

What is worth looking at, and what do you suggest?

Thanks for help,
Piotr

arbor peakflow to start with?

On Thursday, January 31, 2013, Piotr wrote:
> Hi,
>
> I am looking for some box (vendor, model) which I can put out of the main/product network, which can analyze packets netflow, sflow, syslog from BGP router(s) and, after discovering some anomaly, can do some action, for example:
>
> - The box has a BGP session with the BGP router and advertises the attacked IP prefix with some community. The BGP router sets the next-hop for this prefix to /dev/null.
>
> Normal traffic via the BGP router is about 1G/s in and 10G/s out.
>
> What is worth looking at, and what do you suggest?
>
> Thanks for help,
> Piotr

--
--srs (iPad)

2nd the Peakflow recommendation.

On Thu, Jan 31, 2013 at 7:23 AM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
> arbor peakflow to start with?

--
Best Regards,
Kenneth McRae
*Director, Network Operations*
kenneth.mcrae@dreamhost.com
Ph: 818-447-2589
www.dreamhost.com

Agreed, my shortlist for evaluation would include Arbor, Radware and Genie NRM. New players to the market include just about every IPS and application load balancing solution out there.

--------------------------------------------------
From: "Suresh Ramasubramanian" <ops.lists@gmail.com>
Sent: Thursday, January 31, 2013 10:23 AM
To: "Piotr" <piotr.1234@interia.pl>
Cc: <nanog@nanog.org>
Subject: Re: box against dos/ddos

> arbor peakflow to start with?

+1 for Radware

On 31/01/2013 18:36, dennis wrote:
> Agreed, my shortlist for evaluation would include Arbor, Radware and Genie NRM. New players to the market include just about every IPS and application load balancing solution out there.

I think Radware has to sit inline. I do not believe they offer BGP offramp, so keep that in mind.

On Thu, Jan 31, 2013 at 10:39 AM, Jay Coley <j@jcoley.net> wrote:
> +1 for Radware

Arbor Peakflow is probably the way to go.

However if you don't want to spend a ton of money, you might want to consider using a stub router +bgp coupled with a server running the appropriate SNMP tools (perhaps cacti) to publish your desired data.

It's not the most convenient solution but it should do..

Cheers.

-CK

On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
> Hi,
>
> I am looking for some box (vendor, model) which I can put out of the main/product network, which can analyze packets netflow, sflow, syslog from BGP router(s) and, after discovering some anomaly, can do some action, for example:
>
> - The box has a BGP session with the BGP router and advertises the attacked IP prefix with some community. The BGP router sets the next-hop for this prefix to /dev/null.
>
> Normal traffic via the BGP router is about 1G/s in and 10G/s out.
>
> What is worth looking at, and what do you suggest?
>
> Thanks for help,
> Piotr
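
The flow-triggered blackhole that the original post asks for, and that the stub-router suggestion above would need a trigger for, as an added example that is not part of any message in this thread. The sampling rate, threshold, prefixes, next-hop and the choice of the RFC 7999 BLACKHOLE community are assumptions, the flow records are constructed, and the output lines use ExaBGP's text API syntax.

```python
import ipaddress
from collections import defaultdict

# All values below are assumptions for illustration, not taken from the thread.
SAMPLING_RATE = 1000                 # router samples 1 in N packets
WINDOW_SECONDS = 10                  # length of one measurement window
THRESHOLD_BPS = 2_000_000_000        # per-destination inbound limit (normal total: ~1G/s in)
BLACKHOLE_NEXT_HOP = "192.0.2.1"     # routers hold a static route for this to a discard interface
BLACKHOLE_COMMUNITY = "65535:666"    # well-known BLACKHOLE community (RFC 7999)
PROTECTED = [ipaddress.ip_network("198.51.100.0/24")]  # only our own space may be blackholed

# Constructed flow records for one window: destination and sampled byte count.
SAMPLE_FLOWS = [
    {"src": "203.0.113.7", "dst": "198.51.100.10", "bytes": 1_000_000},
    {"src": "203.0.113.8", "dst": "198.51.100.10", "bytes": 1_000_000},
    {"src": "203.0.113.9", "dst": "198.51.100.10", "bytes": 1_000_000},
    {"src": "203.0.113.7", "dst": "198.51.100.20", "bytes": 100_000},
    {"src": "198.51.100.10", "dst": "203.0.113.9", "bytes": 5_000_000},  # outbound, ignored
]

def inbound_bps(flows):
    """Estimate inbound bits/s per protected destination from sampled flows."""
    totals = defaultdict(int)
    for flow in flows:
        dst = ipaddress.ip_address(flow["dst"])
        if any(dst in net for net in PROTECTED):
            totals[dst] += flow["bytes"]
    return {d: b * 8 * SAMPLING_RATE / WINDOW_SECONDS for d, b in totals.items()}

def blackhole_commands(flows, announced=frozenset()):
    """Return one announce line per destination that newly exceeds the threshold."""
    commands = []
    for dst, bps in sorted(inbound_bps(flows).items()):
        if bps >= THRESHOLD_BPS and dst not in announced:
            commands.append(
                f"announce route {dst}/{dst.max_prefixlen} "
                f"next-hop {BLACKHOLE_NEXT_HOP} community [{BLACKHOLE_COMMUNITY}]"
            )
    return commands

if __name__ == "__main__":
    for line in blackhole_commands(SAMPLE_FLOWS):
        print(line)
```

Blackholing the host route drops legitimate traffic to that address as well, so it protects the rest of the network at the cost of the target. The router should accept this community only on the session with the trigger box and only for prefixes inside its own address space.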

-----Original Message-----
From: Carlos Kamtha [mailto:kamtha@ak-labs.net]
Sent: Thursday, January 31, 2013 13:53
To: Piotr
Cc: nanog@nanog.org
Subject: Re: box against dos/ddos

> Arbor Peakflow is probably the way to go.
>
> However if you don't want to spend a ton of money, you might want to consider using a stub router +bgp coupled with a server running the appropriate SNMP tools (perhaps cacti) to publish your desired data.
>
> It's not the most convenient solution but it should do..
>
> Cheers.
>
> -CK

Most larger ISPs offer this as a service that you can add on with existing contracts. They usually guarantee up to a certain bandwidth level what they will provide as "clean pipe service".

Be advised most ISPs are only able to scrub to L3, anything higher and you have to start looking at Verisign, Prolexic or similar and/or something in house. Especially for SSL based attacks.

Thanks.
Justin

participants (7)
- Carlos Kamtha
- dennis
- Dixon, Justin
- Jay Coley
- Kenneth McRae
- Piotr
- Suresh Ramasubramanian