Re: [AFMUG] Procera CG NAT

2016-04-18 Thread Paul Stewart 
We tested some of their boxes and the results were horrible … not sure if 
you’ve used it yourself or just making a friendly suggestion to check out … we 
tested Corero against A10 and Arbor for reference

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
Sent: Friday, April 15, 2016 11:19 AM
To: Animal Farm <af@afmug.com>
Subject: Re: [AFMUG] Procera CG NAT

 

https://www.corero.com/products/corero-smartwall-threat-defense-system.html

 

On Fri, Apr 15, 2016 at 11:15 AM, Andreas Wiatowski <andr...@silowireless.com 
<mailto:andr...@silowireless.com> > wrote:

So what are people doing to do CGN and get around DDOS to a single IP?  We have 
been doing it on the edge, but the minute a single subscriber gets attacked we 
have network impact….. there is no way to suppress, my understanding is that if 
we moved the edge onto the Procera, it can distinguish traffic and suppress an 
attack.

 

As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps attacks…we 
have changed the natted address to get around, but even then we sometimes have 
the attack follow to the new address.

 

This is becoming a nightmare to manage.  If only I could give every customer a 
public!

 

Cheers,

__

Andreas Wiatowski | CEO

Silo Wireless Inc.

Email  andr...@silowireless.com <mailto:andr...@silowireless.com> 

19 Sage Court

Brantford, Ontario N3R 7T4 (CANADA)

Tel +1.519.449.5656 <tel:%2B1.519.449.5656%C2%A0%20Extension-600>   
Extension-600|Fax +1.519.449.5536 <tel:%2B1.519.449.5536>  |Toll Free 
+1.866.727.4138 <tel:%2B1.866.727.4138> 

 

From: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com> ] On Behalf 
Of Gino Villarini
Sent: Friday, April 15, 2016 11:05 AM
To: Animal Farm <af@afmug.com <mailto:af@afmug.com> >
Subject: Re: [AFMUG] Procera CG NAT

 

afaik, Procera does not support CG NAT 

 

On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski <andr...@silowireless.com 
<mailto:andr...@silowireless.com> > wrote:

Anyone using CG NAT with Procera…specifically to supress DDOS?

 

Cheers,

__

Andreas Wiatowski | CEO

Silo Wireless Inc.

Email  andr...@silowireless.com <mailto:andr...@silowireless.com> 

19 Sage Court

Brantford, Ontario N3R 7T4 (CANADA)

Tel +1.519.449.5656 <tel:%2B1.519.449.5656%C2%A0%20Extension-600>   
Extension-600|Fax +1.519.449.5536 <tel:%2B1.519.449.5536>  |Toll Free 
+1.866.727.4138 <tel:%2B1.866.727.4138>

Re: [AFMUG] Procera CG NAT

2016-04-18 Thread Paul Stewart 
Procera does not handle DDOS events very well … just a word of caution on that 
based on recent experiences.  You really should look at something in front of 
the Procera to protect it.  This is all relevant to traffic levels though – 
just make sure you understand the capabilities of whichever hardware you are 
using (ie. 8920).  

 

Yes – too bad you can’t utilize public IP’s for your customers .. would save 
you a lot of headaches.  However, it would just spread out the DDOS impact 
(meaning the attacks would of course still be there – just wider in aspect)…. 4 
Gig attacks are not very large at network edge

 

Paul

 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Andreas Wiatowski
Sent: Friday, April 15, 2016 11:15 AM
To: af@afmug.com
Subject: Re: [AFMUG] Procera CG NAT

 

So what are people doing to do CGN and get around DDOS to a single IP?  We have 
been doing it on the edge, but the minute a single subscriber gets attacked we 
have network impact….. there is no way to suppress, my understanding is that if 
we moved the edge onto the Procera, it can distinguish traffic and suppress an 
attack.

 

As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps attacks…we 
have changed the natted address to get around, but even then we sometimes have 
the attack follow to the new address.

 

This is becoming a nightmare to manage.  If only I could give every customer a 
public!

 

Cheers,

__

Andreas Wiatowski | CEO

Silo Wireless Inc.

Email   <mailto:andr...@silowireless.com> andr...@silowireless.com

19 Sage Court

Brantford, Ontario N3R 7T4 (CANADA)

Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free 
+1.866.727.4138

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
Sent: Friday, April 15, 2016 11:05 AM
To: Animal Farm <af@afmug.com <mailto:af@afmug.com> >
Subject: Re: [AFMUG] Procera CG NAT

 

afaik, Procera does not support CG NAT 

 

On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski <andr...@silowireless.com 
<mailto:andr...@silowireless.com> > wrote:

Anyone using CG NAT with Procera…specifically to supress DDOS?

 

Cheers,

__

Andreas Wiatowski | CEO

Silo Wireless Inc.

Email  andr...@silowireless.com <mailto:andr...@silowireless.com> 

19 Sage Court

Brantford, Ontario N3R 7T4 (CANADA)

Tel +1.519.449.5656 <tel:%2B1.519.449.5656%C2%A0%20Extension-600>   
Extension-600|Fax +1.519.449.5536 <tel:%2B1.519.449.5536>  |Toll Free 
+1.866.727.4138 <tel:%2B1.866.727.4138>

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread SmarterBroadband 
What kind of price is the smallest model (10Gbps Full Duplex)?

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
Sent: Friday, April 15, 2016 8:19 AM
To: Animal Farm
Subject: Re: [AFMUG] Procera CG NAT

 

https://www.corero.com/products/corero-smartwall-threat-defense-system.html

 

On Fri, Apr 15, 2016 at 11:15 AM, Andreas Wiatowski <andr...@silowireless.com> 
wrote:

So what are people doing to do CGN and get around DDOS to a single IP?  We have 
been doing it on the edge, but the minute a single subscriber gets attacked we 
have network impact….. there is no way to suppress, my understanding is that if 
we moved the edge onto the Procera, it can distinguish traffic and suppress an 
attack.

 

As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps attacks…we 
have changed the natted address to get around, but even then we sometimes have 
the attack follow to the new address.

 

This is becoming a nightmare to manage.  If only I could give every customer a 
public!

 

Cheers,

__

Andreas Wiatowski | CEO

Silo Wireless Inc.

Email  andr...@silowireless.com

19 Sage Court

Brantford, Ontario N3R 7T4 (CANADA)

Tel +1.519.449.5656 <tel:%2B1.519.449.5656%C2%A0%20Extension-600>   
Extension-600|Fax +1.519.449.5536 <tel:%2B1.519.449.5536>  |Toll Free 
+1.866.727.4138 <tel:%2B1.866.727.4138> 

 

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
Sent: Friday, April 15, 2016 11:05 AM
To: Animal Farm <af@afmug.com>
Subject: Re: [AFMUG] Procera CG NAT

 

afaik, Procera does not support CG NAT 

 

On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski <andr...@silowireless.com> 
wrote:

Anyone using CG NAT with Procera…specifically to supress DDOS?

 

Cheers,

__

Andreas Wiatowski | CEO

Silo Wireless Inc.

Email  andr...@silowireless.com

19 Sage Court

Brantford, Ontario N3R 7T4 (CANADA)

Tel +1.519.449.5656 <tel:%2B1.519.449.5656%C2%A0%20Extension-600>   
Extension-600|Fax +1.519.449.5536 <tel:%2B1.519.449.5536>  |Toll Free 
+1.866.727.4138 <tel:%2B1.866.727.4138>

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread Josh Reynolds 
It does, actually.

On Fri, Apr 15, 2016 at 10:04 AM, Gino Villarini  wrote:
> afaik, Procera does not support CG NAT
>
> On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski
>  wrote:
>>
>> Anyone using CG NAT with Procera…specifically to supress DDOS?
>>
>>
>>
>> Cheers,
>>
>> __
>>
>> Andreas Wiatowski | CEO
>>
>> Silo Wireless Inc.
>>
>> Email  andr...@silowireless.com
>>
>> 19 Sage Court
>>
>> Brantford, Ontario N3R 7T4 (CANADA)
>>
>> Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free
>> +1.866.727.4138
>>
>>
>
>

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread Andreas Wiatowski 
Have you used this product / or using…. Any idea of cost for a 10Gbps appliance?

Cheers,
__
Andreas Wiatowski | CEO
Silo Wireless Inc.
Email  andr...@silowireless.com
19 Sage Court
Brantford, Ontario N3R 7T4 (CANADA)
Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free 
+1.866.727.4138

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
Sent: Friday, April 15, 2016 11:19 AM
To: Animal Farm <af@afmug.com>
Subject: Re: [AFMUG] Procera CG NAT

https://www.corero.com/products/corero-smartwall-threat-defense-system.html

On Fri, Apr 15, 2016 at 11:15 AM, Andreas Wiatowski 
<andr...@silowireless.com<mailto:andr...@silowireless.com>> wrote:
So what are people doing to do CGN and get around DDOS to a single IP?  We have 
been doing it on the edge, but the minute a single subscriber gets attacked we 
have network impact….. there is no way to suppress, my understanding is that if 
we moved the edge onto the Procera, it can distinguish traffic and suppress an 
attack.

As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps attacks…we 
have changed the natted address to get around, but even then we sometimes have 
the attack follow to the new address.

This is becoming a nightmare to manage.  If only I could give every customer a 
public!

Cheers,
__
Andreas Wiatowski | CEO
Silo Wireless Inc.
Email  andr...@silowireless.com<mailto:andr...@silowireless.com>
19 Sage Court
Brantford, Ontario N3R 7T4 (CANADA)
Tel +1.519.449.5656  
Extension-600<tel:%2B1.519.449.5656%C2%A0%20Extension-600>|Fax 
+1.519.449.5536<tel:%2B1.519.449.5536> |Toll Free 
+1.866.727.4138<tel:%2B1.866.727.4138>

From: Af [mailto:af-boun...@afmug.com<mailto:af-boun...@afmug.com>] On Behalf 
Of Gino Villarini
Sent: Friday, April 15, 2016 11:05 AM
To: Animal Farm <af@afmug.com<mailto:af@afmug.com>>
Subject: Re: [AFMUG] Procera CG NAT

afaik, Procera does not support CG NAT

On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski 
<andr...@silowireless.com<mailto:andr...@silowireless.com>> wrote:
Anyone using CG NAT with Procera…specifically to supress DDOS?

Cheers,
__
Andreas Wiatowski | CEO
Silo Wireless Inc.
Email  andr...@silowireless.com<mailto:andr...@silowireless.com>
19 Sage Court
Brantford, Ontario N3R 7T4 (CANADA)
Tel +1.519.449.5656  
Extension-600<tel:%2B1.519.449.5656%C2%A0%20Extension-600>|Fax 
+1.519.449.5536<tel:%2B1.519.449.5536> |Toll Free 
+1.866.727.4138<tel:%2B1.866.727.4138>

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread Andreas Wiatowski 
Tough to find out who is creating the issueour edge can't handle the flood.

Cheers,
__
Andreas Wiatowski | CEO
Silo Wireless Inc.
Email  andr...@silowireless.com
19 Sage Court
Brantford, Ontario N3R 7T4 (CANADA)
Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free 
+1.866.727.4138

-Original Message-
From: Af [mailto:af-boun...@afmug.com] On Behalf Of Seth Mattinen
Sent: Friday, April 15, 2016 11:24 AM
To: af@afmug.com
Subject: Re: [AFMUG] Procera CG NAT

On 4/15/16 8:15 AM, Andreas Wiatowski wrote:
> So what are people doing to do CGN and get around DDOS to a single IP?
> We have been doing it on the edge, but the minute a single subscriber 
> gets attacked we have network impact….. there is no way to suppress, 
> my understanding is that if we moved the edge onto the Procera, it can 
> distinguish traffic and suppress an attack.
>
> As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps 
> attacks…we have changed the natted address to get around, but even 
> then we sometimes have the attack follow to the new address.
>
> This is becoming a nightmare to manage.  If only I could give every 
> customer a public!
>



Many times it's related to online gaming. Have you tried identifying xbox/ps 
users and making them NAT from a separate IP than your non-gaming customer to 
see if it follows them?

~Seth

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread Seth Mattinen 

On 4/15/16 8:15 AM, Andreas Wiatowski wrote:

So what are people doing to do CGN and get around DDOS to a single IP?
We have been doing it on the edge, but the minute a single subscriber
gets attacked we have network impact….. there is no way to suppress, my
understanding is that if we moved the edge onto the Procera, it can
distinguish traffic and suppress an attack.

As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps
attacks…we have changed the natted address to get around, but even then
we sometimes have the attack follow to the new address.

This is becoming a nightmare to manage.  If only I could give every
customer a public!





Many times it's related to online gaming. Have you tried identifying 
xbox/ps users and making them NAT from a separate IP than your 
non-gaming customer to see if it follows them?


~Seth

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread Gino Villarini 
https://www.corero.com/products/corero-smartwall-threat-defense-system.html

On Fri, Apr 15, 2016 at 11:15 AM, Andreas Wiatowski <
andr...@silowireless.com> wrote:

> So what are people doing to do CGN and get around DDOS to a single IP?  We
> have been doing it on the edge, but the minute a single subscriber gets
> attacked we have network impact….. there is no way to suppress, my
> understanding is that if we moved the edge onto the Procera, it can
> distinguish traffic and suppress an attack.
>
>
>
> As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps
> attacks…we have changed the natted address to get around, but even then we
> sometimes have the attack follow to the new address.
>
>
>
> This is becoming a nightmare to manage.  If only I could give every
> customer a public!
>
>
>
> Cheers,
>
> __
>
> Andreas Wiatowski | CEO
>
> Silo Wireless Inc.
>
> Email  andr...@silowireless.com
>
> 19 Sage Court
>
> Brantford, Ontario N3R 7T4 (CANADA)
>
> Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free
> +1.866.727.4138
>
>
>
> *From:* Af [mailto:af-boun...@afmug.com] *On Behalf Of *Gino Villarini
> *Sent:* Friday, April 15, 2016 11:05 AM
> *To:* Animal Farm <af@afmug.com>
> *Subject:* Re: [AFMUG] Procera CG NAT
>
>
>
> afaik, Procera does not support CG NAT
>
>
>
> On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski <
> andr...@silowireless.com> wrote:
>
> Anyone using CG NAT with Procera…specifically to supress DDOS?
>
>
>
> Cheers,
>
> __
>
> Andreas Wiatowski | CEO
>
> Silo Wireless Inc.
>
> Email  andr...@silowireless.com
>
> 19 Sage Court
>
> Brantford, Ontario N3R 7T4 (CANADA)
>
> Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free
> +1.866.727.4138
>
>
>
>
>

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread Andreas Wiatowski 
So what are people doing to do CGN and get around DDOS to a single IP?  We have 
been doing it on the edge, but the minute a single subscriber gets attacked we 
have network impact….. there is no way to suppress, my understanding is that if 
we moved the edge onto the Procera, it can distinguish traffic and suppress an 
attack.

As of late, we get 1 to 2 attacks a week…. We have seen 2.8-4Gbps attacks…we 
have changed the natted address to get around, but even then we sometimes have 
the attack follow to the new address.

This is becoming a nightmare to manage.  If only I could give every customer a 
public!

Cheers,
__
Andreas Wiatowski | CEO
Silo Wireless Inc.
Email  andr...@silowireless.com
19 Sage Court
Brantford, Ontario N3R 7T4 (CANADA)
Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free 
+1.866.727.4138

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gino Villarini
Sent: Friday, April 15, 2016 11:05 AM
To: Animal Farm <af@afmug.com>
Subject: Re: [AFMUG] Procera CG NAT

afaik, Procera does not support CG NAT

On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski 
<andr...@silowireless.com<mailto:andr...@silowireless.com>> wrote:
Anyone using CG NAT with Procera…specifically to supress DDOS?

Cheers,
__
Andreas Wiatowski | CEO
Silo Wireless Inc.
Email  andr...@silowireless.com<mailto:andr...@silowireless.com>
19 Sage Court
Brantford, Ontario N3R 7T4 (CANADA)
Tel +1.519.449.5656  
Extension-600<tel:%2B1.519.449.5656%C2%A0%20Extension-600>|Fax 
+1.519.449.5536<tel:%2B1.519.449.5536> |Toll Free 
+1.866.727.4138<tel:%2B1.866.727.4138>

Re: [AFMUG] Procera CG NAT

2016-04-15 Thread Gino Villarini 
afaik, Procera does not support CG NAT

On Fri, Apr 15, 2016 at 10:41 AM, Andreas Wiatowski <
andr...@silowireless.com> wrote:

> Anyone using CG NAT with Procera…specifically to supress DDOS?
>
>
>
> Cheers,
>
> __
>
> Andreas Wiatowski | CEO
>
> Silo Wireless Inc.
>
> Email  andr...@silowireless.com
>
> 19 Sage Court
>
> Brantford, Ontario N3R 7T4 (CANADA)
>
> Tel +1.519.449.5656  Extension-600|Fax +1.519.449.5536 |Toll Free
> +1.866.727.4138
>
>
>