[160123] in North American Network Operators' Group


Re: box against dos/ddos

daemon@ATHENA.MIT.EDU (Carlos Kamtha)
Thu Jan 31 13:53:09 2013

Date: Thu, 31 Jan 2013 13:52:56 -0500
From: Carlos Kamtha <kamtha@ak-labs.net>
To: Piotr <piotr.1234@interia.pl>
In-Reply-To: <510A81B5.9050204@interia.pl>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


Arbor Peakflow is probably the way to go.

However, if you don't want to spend a ton of money, you might
want to consider using a stub router + BGP coupled with a server
running the appropriate SNMP tools (perhaps cacti) to publish your desired data.

It's not the most convenient solution but it should do.

Cheers.

-CK

On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
> Hi,
> 
> I am looking for some box (vendor, model), which I can put out of the
> main/product network, which can analyze packets netflow, sflow, syslog
> from BGP router(s) and, after discovering some anomaly, can take some
> action, for example:
>
> - The box has a BGP session with the BGP router and advertises the attacked IP prefix
> with some community. The BGP router sets the next-hop for this prefix to /dev/null
>
> Normal traffic via the BGP router is about 1G/s in and 10G/s out
>
> What is worth looking at and what do you suggest?
> 
> thanks for help,
> Piotr
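
Added example, not part of the original messages and not any vendor's code: a sketch of the detect-then-blackhole loop asked about above, turning sampled flow records into per-destination rates and emitting a host route tagged with a blackhole community. The threshold, sampling rate, community, discard next-hop, protected range and flow records are constructed assumptions; the output lines follow ExaBGP's text API as one possible BGP speaker.

```python
import ipaddress
from collections import defaultdict

WINDOW = 10                     # seconds per measurement bucket
SAMPLING = 1000                 # assumed 1-in-N flow sampling on the router
THRESHOLD_BPS = 2_000_000_000   # assumed per-destination inbound limit
COMMUNITY = "65000:666"         # assumed blackhole community agreed with the router
DISCARD_NH = "192.0.2.1"        # assumed next-hop the router routes to null

# Constructed sample records: (unix_ts, dst_ip, sampled_bytes)
FLOWS = [
    (1000, "198.51.100.7", 1_600_000), (1004, "198.51.100.7", 1_500_000),
    (1012, "198.51.100.7", 3_200_000),   # second window over the limit
    (1001, "198.51.100.1", 3_000_000), (1013, "198.51.100.1", 3_000_000),
    (1011, "203.0.113.53", 4_000_000),   # single-window spike only
    (1003, "198.51.100.9", 400_000), (1015, "198.51.100.9", 500_000),
]

def rates_bps(flows):
    """Return {(window_start, dst): bits/s}, scaling sampled bytes back up."""
    acc = defaultdict(int)
    for ts, dst, nbytes in flows:
        acc[(ts - ts % WINDOW, dst)] += nbytes * SAMPLING
    return {key: total * 8 / WINDOW for key, total in acc.items()}

def detect(flows, sustain=2):
    """Destinations above THRESHOLD_BPS for `sustain` consecutive windows."""
    over = defaultdict(set)
    for (win, dst), bps in rates_bps(flows).items():
        if bps > THRESHOLD_BPS:
            over[dst].add(win)
    return sorted(
        dst for dst, wins in over.items()
        if any(all(w + i * WINDOW in wins for i in range(sustain)) for w in wins)
    )

def announcements(dsts, protected=()):
    """Build ExaBGP-style API lines; skip addresses that must never be dropped."""
    nets = [ipaddress.ip_network(p) for p in protected]
    lines = []
    for dst in dsts:
        ip = ipaddress.ip_address(dst)
        if any(ip in net for net in nets):
            continue  # e.g. router loopbacks, DNS, the BGP peers themselves
        lines.append(f"announce route {ip}/{ip.max_prefixlen} "
                     f"next-hop {DISCARD_NH} community [{COMMUNITY}]")
    return lines

if __name__ == "__main__":
    for line in announcements(detect(FLOWS), protected=["198.51.100.0/30"]):
        print(line)
```

The sustain check and the protected list are the two guards that keep a one-window spike or spoofed flow data from blackholing your own infrastructure.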

