hi ramy

On 08/26/15 at 12:54pm, Aftab Siddiqui wrote:
> 
> > Anybody here has experienced a PoC for any anti DDoS appliance, or already
> > using an anti DDoS appliance in production and able to share his user
> > experience/review?
> >
> 
> only interested in appliances? why not scrubbing services? is it for own use
> (industry reviews before purchase) or some article/publication/research?

see previous similar thread for some "real world reviews by folks"

http://mailman.nanog.org/pipermail/nanog/2015-April/074410.html

i think a "benchmarking ddos lab" would be fun to build and publish findings..
to test all the ddos appliances from those competitors willing to participate

---

for your "reviewing" or collecting info from folks ..
- what's your metrics that is important to you ?
- what (ddos) problems are you trying to resolve ?

- do you want to see the ddos attacks in progress and how you're being attacked
        http://ddos-mitigator.net/cgi-bin/IPtables-GUI.pl

- do you want 100% automated ddos defense with zero false positives :-)

my $0.02 ddos experiences n summary over the years, aka mitigation in 
production use ...

usually, arp-based ddos attacks require fixing your infrastructure,
  a ddos appliance may not help you

usually, udp and icmp ddos attacks can only be resolved by the ISP or scrubbing centers
        - if you limit udp/icmp at your appliance, the damage is already done,
        since those packets already used your bandwidth, cpu, memory, diskspace and your time

spoof'd source addresses can only be resolved by having the ISP prevent outgoing
spoofed addresses ( fix egress filters ) at their edge routers

my requirement: all tcp-based ddos attacks must be tarpit'd ... ddos attacks
are now 1% of their peak a few years ago, when "firefox google.com" wouldn't come up

        - you must be able to distinguish legit tcp traffic from ddos attacks
        which is ez if you build/install/configure the servers properly

        i want the attacking zombies and script kiddies to pay a penalty for 
        attacking my customer's servers

        to sustain a 100,000 tcp packet attack requires lots of kernel memory
        ( 100,000 packets * 1500 byte/packet * 120 seconds ) for 2 minute tcp timeouts

        there are 65,535 tcp ports they could be attacking ... imho, an ssh-based solution
        or apache-based solution would be useless ... add another 65,535 udp ports

always keep your servers up to date ... patch your OS, apps, etc, etc

volumetric attacks can only be resolved by (expensive) ddos scrubbers or installing
your own geographically separated colo in usa, europe, asia like the scrubbers ...
if you are a high profile target, the ddos attackers probably have more bandwidth than
you could afford and the ddos attacks will probably make the evening news

magic pixie dust
alvin
# DDoS-Mitigator.net/Competitors
# DDoS-Mitigator.net/InHouse-vs-Cloud
# DDoS-Simulator.net
#