nanog mailing list archives
Re: Experience on Wanguard for 'anti' DDOS solutions
From: "marcel.duregards () yahoo fr" <marcel.duregards () yahoo fr>
Date: Sat, 15 Aug 2015 14:07:37 +0200
One thing which is not so obvious is to reduce false positives. This is hard when you have a mix of traffic profiles/patterns within your network, with customers in different domains (scientists, financials, video addicted, torrent addicted, etc...) with different bandwidth.

a) Has anybody tried to separate IP ranges by traffic profile, to apply a specific rule/profile per IP allocation?

puts all financial clients into range X/X and define rule Z
puts all scientist clients into range Y/Y and apply rule Q
etc....

Does this help?

b) One other method could be to classify customers by their bandwidth.

profile 1. from 10-100M
profile 2. 100-500M
profile 3. 500M-1000M
profile 4. >1000M

Like this you do not mix big BW with small BW customers, and do not get alerted when a client from profile 4 starts to download at 1G.

Any experience?

My guess is that solution b is better than a. Not so easy to classify traffic pattern per group of clients.

Thanks, best regards.
- Marcel

On 13.08.2015 06:42, Ramy Hashish wrote:

Hello Fabien,

And why don't you use A10 for both detection and mitigation?

Thanks,
Ramy

On Wed, Aug 12, 2015 at 6:42 PM, Fabien Delmotte <fdelmotte1 () mac com> wrote:

Hello

My 2 cents
You can use Wanguard for the detection and A10 for the mitigation, you have just to play with the API.

Regards
Fabien

On 12 August 2015 at 16:28, Ramy Hashish <ramy.ihashish () gmail com> wrote:

Date: Tue, 11 Aug 2015 08:14:54 +0200
From: "marcel.duregards () yahoo fr" <marcel.duregards () yahoo fr>
To: nanog () nanog org
Subject: Re: Experience on Wanguard for 'anti' DDOS solutions
Message-ID: <55C992DE.3020906 () yahoo fr>
Content-Type: text/plain; charset=windows-1252; format=flowed

anybody from this impressive list ?:
https://www.andrisoft.com/company/customers

-- Marcel

Has anybody here compared Wanguard's performance with the DDoS vendors in the market (Arbor, Radware, NSFocus, A10, RioRey, Staminus, F5 ......)?

Another question, has anybody from the reviewers tested the false positives of the box, or experienced any false positive incidents?

Thanks,
Ramy
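Option b from the message above (classifying customers by bandwidth), sketched as an added Python example that is not part of the original thread and does not use Wanguard's own API. The alert thresholds, the flat comparison threshold, the customer prefixes and the traffic samples are constructed assumptions; the profile boundaries are the ones listed in the message, with the upper bound taken as inclusive.

```python
import ipaddress

# Bandwidth profiles from the message (contracted Mbit/s, upper bound inclusive
# by assumption). Alert thresholds are constructed values, not vendor defaults.
PROFILES = [  # (name, max contracted Mbit/s, alert threshold Mbit/s)
    ("profile 1", 100, 150),
    ("profile 2", 500, 750),
    ("profile 3", 1000, 1500),
    ("profile 4", float("inf"), 5000),
]
FLAT_THRESHOLD = 800  # constructed single threshold for everyone, for comparison

# Constructed customers: prefix (documentation ranges) -> contracted Mbit/s.
CUSTOMERS = {
    "192.0.2.0/25": 50,
    "192.0.2.128/25": 300,
    "198.51.100.0/24": 1000,
    "203.0.113.0/24": 10000,
}

# Constructed per-destination inbound rates (Mbit/s) from one sampling interval.
SAMPLES = [
    ("192.0.2.10", 400),    # small customer far above its contracted rate
    ("192.0.2.200", 280),
    ("198.51.100.7", 900),
    ("203.0.113.5", 1000),  # profile 4 customer downloading at 1G
]

def profile_for(contracted_mbps):
    """Return (profile name, alert threshold) for a contracted bandwidth."""
    for name, ceiling, threshold in PROFILES:
        if contracted_mbps <= ceiling:
            return name, threshold
    raise ValueError("no profile for %r" % contracted_mbps)

def threshold_table(customers):
    """Build rows of (network, profile name, alert threshold)."""
    return [(ipaddress.ip_network(p), *profile_for(bw)) for p, bw in customers.items()]

def alerts(samples, table, flat=None):
    """Return (dst, profile, Mbit/s) for samples above the applicable threshold."""
    hits = []
    for dst, mbps in samples:
        addr = ipaddress.ip_address(dst)
        row = next((r for r in table if addr in r[0]), None)
        if row is None:
            continue  # destination is not a known customer prefix
        limit = flat if flat is not None else row[2]
        if mbps > limit:
            hits.append((dst, row[1], mbps))
    return hits
```

With the flat threshold the two largest customers alert on ordinary traffic while the overloaded small customer is missed; with per-profile thresholds only the small customer alerts.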