Hello,

Quick question. Is there anyone on this list using Corero for DDoS protection? If so I'd much appreciate an off-list review of it.

Thanks in advance.

Thanks,
Ragnar Sigurðsson Joensen, rjoensen@synack.fo
Operations, +40799694635
Sp/f Synack | synack@synack.fo | +298 201111

hi

On 05/12/16 at 01:21pm, Ragnar Sigurðsson Joensen wrote:
> Quick question. Is there anyone on this list using Corero for DDoS protection? If so I'd much appreciate an off-list review of it. Thanks in advance.

hummm ... just some generic comments when comparing "DDoS protection"

one DDoS solution is NOT necessarily a cost-effective mitigation against all the various types of DDoS attacks

various types of attacks:

- tcp-based DDoS attacks on any port are best mitigated with iptables + tarpits ( in-house appliance could handle up to 100gig/sec )

  the attacking zombie bots should crash long before they can affect your servers ( 100,000 ddos packet/sec * 2Kbyte/packet * 120sec tcp timeouts )

- udp-based DDoS attacks are best mitigated by confirming that your DNS server/app, NTP server/app, SNMP server/app, NFS, X11, etc, etc are properly patched and hardened

  your ISP will most likely have to be involved to mitigate incoming UDP and ICMP based attacks using various methods like flow analysis/collection/mediation, rtbh, bgp, etc

  #
  # if you like the idea of just "drop the packet" or "limit it",
  # then, it's too late as you have already received the DDoS packets
  # and the damage is done ...
  #

- volumetric attacks ( say over 10gigbit/s ) probably will require various data-centers spread across the oceans or use the cloud ...

- you will need a security policy ( infrastructure policy ) to define "legitimate traffic" and possibly incoming DDoS attacks

  simple minded rule:
  web servers should only run "apache/etc", all packets to the 65,534 ports are attacks
  mail servers should only run "sendmail/etc", all packets to the other 65,534 ports are attacks

- DDoS attacks consisting of silly spam, virii, worms should be non-issues and imho, are easily mitigated w/ dozens of different foss tools and "company/computer/infrastructure policy"

magic pixie dust
alvin
#
# http://DDoS-Mitigator.net ..... http://DDoS-Simulator.net ....
#

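The "simple minded rule" and the iptables + tarpit suggestion from the reply above, written out as a per-role ruleset generator. This is an added example, not part of the original thread: the role names, port lists and function names are assumptions, and the TARPIT target is the one shipped by xtables-addons, which has to be installed separately.

```shell
#!/bin/sh
# Added example: turn a "one service per server" policy into iptables rules.
# Nothing is applied; the rules are only printed so they can be reviewed.
# Role names and port lists are constructed for illustration.

# ports_for_role ROLE -> comma-separated TCP ports that count as legitimate
ports_for_role() {
    case "$1" in
        web)  echo "80,443" ;;
        mail) echo "25" ;;
        *)    return 1 ;;
    esac
}

# gen_rules ROLE -> iptables commands for that role, one per line
gen_rules() {
    ports=$(ports_for_role "$1") || { echo "unknown role: $1" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports $ports -j ACCEPT
iptables -A INPUT -p tcp -j TARPIT
iptables -A INPUT -j DROP
EOF
}

# Rule order matters: replies to the server's own outbound connections and
# the service ports are accepted first, every other TCP packet is held in
# the tarpit, and the remaining UDP/ICMP is dropped at the host.
gen_rules web
```

Tarpitted connections still consume connection-tracking entries while conntrack is loaded; the xtables-addons documentation recommends exempting them from tracking in the raw table. The final DROP only covers what reaches the host, so it does nothing for the upstream UDP and volumetric cases the reply hands to the ISP.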
participants (2): alvin nanog, Ragnar Sigurðsson Joensen