Dobbins, Roland wrote:
Firewalls are not designed to mitigate large-scale DDoS, unlike
Arbors, but they do a damn good job of mitigating small-scale
attacks of all kinds including DDoS.

Not been my experience at all - quite the opposite.

Ok, I'll bite.  What firewalls are you referring to?

Their CAM tables, realtime ASICs and low latencies are very
much unlike the CPU-driven, interrupt-bound hardware and
kernel-locking, multi-tasking software on a typical web server.
IME it is a rare firewall that doesn't fail long, long after
(that's after, not before) the hosts behind them would have
otherwise gone belly-up.

Completely incorrect on all counts.

So then you're talking about CPU-driven firewalls, without ASICs e.g.,
consumer-level gear?  Well, that would explain why you think they fail
before the servers behind them.

I've been a sysadmin

Have you noticed how easily Drupal servers go down with corrupt MyISAM
tables?  How would S/RTBH and/or flow-spec protect against that?

Roger Marquis
