I can’t provide a recommendation here… but I saw these boxes just the other day.
http://www.fortinet.com/products/fortiddos/ddos-mitigation-appliances.html Thank you, Daniel White <mailto:afmu...@gmail.com> afmu...@gmail.com Cell: +1 (303) 746-3590 Skype: danieldwhite Social: <http://www.linkedin.com/in/danielwhite84> LinkedIn: <https://twitter.com/DanielWhite84> Twitter From: Af [mailto:af-boun...@afmug.com] On Behalf Of Paul Stewart Sent: Friday, July 10, 2015 4:22 AM To: af@afmug.com Subject: Re: [AFMUG] Denial of service mitigation Possibly .. I only talked with a few of them … and with Prolexic in particular was before Akamai bought them. The biggest show stoppers for me was that they could only handle 10 gig attacks at that time… Also something to remember/share – you need something really solid in place still to detect the attack and signal your “provider” even with a solution like Prolexic. I’ve only ever found one solution that works extremely well for this – Arbor Peakflow… the box isn’t cheap, the annual maintenance is brutally expensive. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Mike Hammett Sent: Thursday, July 9, 2015 10:17 PM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] Denial of service mitigation It probably differs based on the company. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com _____ From: "Paul Stewart" <p...@paulstewart.org <mailto:p...@paulstewart.org> > To: af@afmug.com <mailto:af@afmug.com> Sent: Thursday, July 9, 2015 8:05:09 PM Subject: Re: [AFMUG] Denial of service mitigation When I last looked into it… you definitely didn’t move your AS to them – you provided them LOA’s to announce your IP space via their transit providers. You have to also automate route removal on your side to withdraw the /24 (or whatever block you decide) from your upstream announcements when DDOS occurs to ensure the traffic hits their scrubbing center…. Not ideal in my opinion…. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Andreas Wiatowski Sent: Thursday, July 9, 2015 11:23 AM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] Denial of service mitigation >From what I investigated… you move your BGP AS to them…they scrub…secure >tunnel back to your network….. going to call… for the fun of it all…just to >see how expensive the service is. Cheers, ______________________________ Andreas Wiatowski | CEO Silo Wireless Inc. Email andr...@silowireless.com <mailto:andr...@silowireless.com> 19 Sage Court Brantford, Ontario N3R 7T4 (CANADA) Tel +1.519.449.5656 Extension-600|Fax +1.519.449.5536 |Toll Free +1.866.727.4138 Website <http://www.silowireless.com/> http://www.silowireless.com/ | Facebook <http://www.facebook.com/silowireless> http://www.facebook.com/silowireless | Twitter @silowireless This electronic message and all of its contents and attachments contain information from the offices of Silo Wireless Inc., which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee only. If you are not the addressee, then any disclosure, copying, distribution or use of this message, or its contents or any of its attachments, is prohibited. If you have received this electronic message in error, please notify us immediately and destroy the original message and all copies. From: Af [mailto:af-boun...@afmug.com] On Behalf Of TJ Trout Sent: July 9, 2015 12:28 AM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] Denial of service mitigation How's that going to work? Route all of your traffic to them first by VPN? I think that's just for websites...? On Wed, Jul 8, 2015 at 8:57 PM, Seth Mattinen <se...@rollernet.us <mailto:se...@rollernet.us> > wrote: On 7/8/15 7:48 PM, Andreas Wiatowski wrote: Wondering if anyone has a magic answer to DDOS mitigation beyond “buy more bandwidth”? Other than having excess bandwidth to absorb it or null routing the target IP upstream, there's DDoS scrubbing services like Prolexic. ~Seth