nanog mailing list archives

Re: PoC for shortlisted DDoS Vendors


From: Mohamed Kamal <mkamal () noor net>
Date: Thu, 02 Apr 2015 18:13:07 +0300

Hello Pavel,

I'm certainly biased to the open-source tools if they do the job
required, and I appreciate your effort exerted on this project. However,
based upon what I saw under the "features" list of your tool, I assume
that it can detect only volumetric DDoS attacks based upon anomalies
such as excessive number of packets/bits/connections/flows per second
based upon some previously learnt or set threshold values.

But what about the protocol types of attack, which, in my humble opinion,
are becoming more aggressive day after day?

Mohamed Kamal
Core Network Sr. Engineer

On 4/2/2015 5:03 PM, Pavel Odintsov wrote:
Hello!

What about open source alternatives? Main part of commercial ddos
filters are simple high performance firewalls with detection logic
(which much times more stupid than well trained network engineer).

But attacks for ISP is not arrived so often and detection part could
be executed manually (or with oss tools like netflow analyzers or my
own FastNetMon toolkit).

For wire speed filtration on 10ge (and even more if you have modern
cpu; up to 40ge) you could use netmap-ipfw with linux or freebsd with
simple patches (for enabling multi process mode).

On Thursday, April 2, 2015, dennis () justipit com wrote:

    You should include Radware on that list.

    ----- Reply message -----
    From: "Mohamed Kamal" <mkamal () noor net>
    To: "NANOG" <nanog () nanog org>
    Subject: PoC for shortlisted DDoS Vendors
    Date: Wed, Apr 1, 2015 9:51 AM

    In our effort to pick up a reasonably priced DDoS appliance with a
    competitive features, we're in a process of doing a PoC for the
    following shortlisted vendors:

    1- RioRey
    2- NSFocus
    3- Arbor
    4- A10

    The setup will be inline. So it would be great if anyone has done
    this before and can help provide the appropriate tools, advice, or
    the testing documents for efficient PoC.

    Thanks.

    --
    Mohamed Kamal
    Core Network Sr. Engineer



-- 
Sincerely yours, Pavel Odintsov

