A stateful firewall outside of your router may create a new bottleneck which increases your risk of DoS. Making sure that you know (and document, and test) how to effectively contact your service providers should you be attacked would be a good idea. Find out if your service providers have BGP communities for remote triggered black hole (document and test). A denial of service will break the weakest link in the chain toward your services, so make sure you have appropriate bandwidth, a reasonable server architecture, and if you have money to burn consider a DDoS mitigation service.
-Ryan On Wed, Jan 19, 2011 at 7:35 PM, Brandon Kim <brandon....@brandontek.com>wrote: > > Gents: > > What measures do you take to protect your border routers? Our routers are > running BGP so I'm interested > if there is any way to secure them without interfering with BGP? Is it > normal to put a firewall in front of the > border routers? > > I'm concerned about DDOS attacks mainly....although we haven't had any, I > don't welcome them..... > > Brandon > > > > >