On 15 Apr 2016, at 8:18, Satish Patel wrote:
Router + BGP + ACL
Straight ACLs don't scale during an attack - you need to use flowspec and S/RTBH.
We are currently using Suricata IDS to detect DDoS which is really great Opensource software.
Take a look at flow telemetry - it's far more scalable, and gives you traceback to the ingress point. There're several open-source flow collection/analysis tools out there to help you get started.
----------------------------------- Roland Dobbins <rdobb...@arbor.net> _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
