We have substantial direct experience with both RioRey and IntruGuard. RR is more plug and play while IG is more robust but both are great. Use a robust firewall such as a Netscreen in front of your mitigation tool.
Best regards, Jeff

On Mon, Jan 4, 2010 at 4:19 PM, Rick Ernst <na...@shreddedmail.com> wrote:
> Looking for D/DoS mitigation solutions. I've seen Arbor Networks mentioned
> several times but they haven't been responsive to literature requests (hint,
> if anybody from Arbor is looking...). Our current upstream is 3x GigE from
> 3 different providers, each landing on their own BGP endpoint feeding a
> route-reflector core.
>
> I see two possible solutions:
> - Netflow/sFlow/***Flow feeding a BGP RTBH
> - Inline device
>
> Netflow can lag a bit in detection. I'd be concerned that inline devices
> add an additional point of failure. I'm worried about both failing-open
> (e.g. network outage) and false-positives.
>
> My current system is a home-grown NetFlow parser that spits out syslog to
> our NOC to investigate potential attacks and manually enter them into our
> RTBH.
>
>
> Any suggestions other than Arbor? Any other mechanisms being used? My idea
> is to quash the immediate problem and work additional mitigation with
> upstreams if needed.
>
> I could probably add some automation to my NetFlow/RTBH setup, but I still
> need to worry about false-positives. I'd rather somebody else do the hard
> work of finding the various edge-cases.
>
> Thanks,
> Rick
>

--
Jeffrey Lyon, Leadership Team
jeffrey.l...@blacklotus.net | http://www.blacklotus.net
Black Lotus Communications of The IRC Company, Inc.

Follow us on Twitter at http://twitter.com/ddosprotection to find out about
news, promotions, and (gasp!) system outages which are updated in real time.

Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to
find out how to "protect your booty."
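
The NetFlow-to-RTBH automation raised in the quoted message, with guards against the false positives it worries about, sketched as an added example that is not part of the thread or any poster's code. The prefixes, thresholds, interval length and function names are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# All values below are assumptions chosen for illustration.
INTERVAL_S = 60          # length of one flow-export interval, seconds
PPS_THRESHOLD = 50_000   # per-destination packets/second alarm level
SUSTAIN = 2              # consecutive hot intervals required before acting
MAX_ROUTES = 5           # cap on automatic blackholes per run
OUR_NETS = [ipaddress.ip_network("198.51.100.0/24")]         # space we originate
NEVER_BLACKHOLE = [ipaddress.ip_network("198.51.100.0/28")]  # e.g. DNS, NOC hosts

# Constructed flow summaries: (interval number, destination IP, packets).
SAMPLE = [
    (1, "198.51.100.50", 6_000_000), (2, "198.51.100.50", 7_200_000),  # sustained
    (1, "198.51.100.60", 9_000_000), (2, "198.51.100.60", 60_000),     # single spike
    (1, "198.51.100.5", 4_800_000), (2, "198.51.100.5", 4_800_000),    # protected host
    (1, "203.0.113.9", 6_000_000), (2, "203.0.113.9", 6_000_000),      # not our space
]

def sustained_targets(flows):
    """Return {dst: peak_pps} for destinations hot for SUSTAIN intervals in a row."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for interval, dst, packets in flows:
        per_dst[dst][interval] += packets
    hits = {}
    for dst, buckets in per_dst.items():
        run = best = peak = 0
        for i in range(min(buckets), max(buckets) + 1):
            pps = buckets.get(i, 0) / INTERVAL_S  # a missing interval counts as quiet
            run = run + 1 if pps >= PPS_THRESHOLD else 0
            best, peak = max(best, run), max(peak, pps)
        if best >= SUSTAIN:
            hits[dst] = peak
    return hits

def rtbh_decisions(flows):
    """Return (auto, review): /32s to blackhole now, and targets left to the NOC."""
    auto, review = [], []
    ranked = sorted(sustained_targets(flows).items(), key=lambda kv: -kv[1])
    for dst, _peak in ranked:
        ip = ipaddress.ip_address(dst)
        if not any(ip in net for net in OUR_NETS):
            continue  # never originate a blackhole for space we do not own
        if any(ip in net for net in NEVER_BLACKHOLE) or len(auto) >= MAX_ROUTES:
            review.append(dst)  # a human decides: protected host or cap reached
        else:
            auto.append(f"{dst}/32")
    return auto, review

if __name__ == "__main__":
    print(rtbh_decisions(SAMPLE))
```

The one-interval spike is ignored, the protected host goes to manual review instead of being dropped, and only the sustained target becomes an RTBH candidate.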