nanog mailing list archives

RE: ddos attacks

From: James Braunegg <james.braunegg () micron21 com>
Date: Thu, 19 Dec 2013 05:34:46 +0000

Dear All

We have been using NSFOCUS Anti DDoS hardware both locally within Australia and Internationally for the past 12 months 
and have been very happy with the platform capabilities and the support provided by their support engineers. For more 
information have a read on their website !

http://www.nsfocus.com/en/index.html

I would highly recommend looking at their ADS, ADS-m and NTA hardware product lines which as a combination provides a 
complete automatic platform with monitoring, detection and surgical cleaning of Layer 4/7 IPv4 and IPv6 traffic 
including providing a client platform !

Of course for any form of Anti DDoS hardware to be functional you need to make sure your network can route and pass the 
traffic so you can absorb the bad traffic to give you a chance cleaning the traffic.

Kindest Regards

James Braunegg
P:  1300 769 972  |  M:  0488 997 207 |  D:  (03) 9751 7616
E:   james.braunegg () micron21 com<mailto:james.braunegg () micron21 com>  |  ABN:  12 109 977 666
W:  www.micron21.com/ddos-protection<http://www.micron21.com/ddos-protection>   T: @micron21


[Description: Description: Description: Description: M21.jpg]
This message is intended for the addressee named above. It may contain privileged or confidential information. If you 
are not the intended recipient of this message you must not use, copy, distribute or disclose it to anyone other than 
the addressee. If you have received this message in error please return the message to the sender by replying to it and 
then delete the message from your computer.



-----Original Message-----
From: Jon Lewis [mailto:jlewis () lewis org]
Sent: Thursday, December 19, 2013 12:04 PM
To: Valdis.Kletnieks () vt edu
Cc: nanog () nanog org
Subject: Re: ddos attacks



On Wed, 18 Dec 2013 Valdis.Kletnieks () vt edu wrote:

On Wed, 18 Dec 2013 15:12:28 -0800, "cb.list6" said:

I am strongly considering having my upstreams to simply rate limit ipv4

UDP. It is the simplest solution that is proactive.

What are the prospects for ipv6 UDP not suffering the same fate?




Roughly 0%, but there's so little v6 traffic compared to v4, you probably

don't have to worry about v6 attack traffic yet...particularly if you're

not dual stack yet.  :)



----------------------------------------------------------------------

  Jon Lewis, MCP :)           |  I route

                              |  therefore you are

_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Current thread:

Re: ddos attacks Dan White (Dec 18)
- Re: ddos attacks Paul Stewart (Dec 18)
- Re: ddos attacks Peter Phaal (Dec 18)
- <Possible follow-ups>
- Re: ddos attacks cb.list6 (Dec 18)
  - Re: ddos attacks Valdis . Kletnieks (Dec 18)
    - Re: ddos attacks Jon Lewis (Dec 18)
    - RE: ddos attacks James Braunegg (Dec 18)
    - Re: ddos attacks Tore Anderson (Dec 19)
    - Re: ddos attacks Eugeniu Patrascu (Dec 19)
    - Re: ddos attacks Adrian M (Dec 19)
    - Re: ddos attacks Paul Ferguson (Dec 19)
    - Re: ddos attacks Dobbins, Roland (Dec 19)
    - Re: ddos attacks Nick Hilliard (Dec 19)
    - Re: ddos attacks Dobbins, Roland (Dec 19)
    - Re: ddos attacks Nick Hilliard (Dec 19)
    - Re: ddos attacks Dobbins, Roland (Dec 19)
    - Re: ddos attacks Tore Anderson (Dec 19)

(Thread continues...)