[160125] in North American Network Operators' Group
RE: box against dos/ddos
daemon@ATHENA.MIT.EDU (Dixon, Justin)
Thu Jan 31 14:13:15 2013
From: "Dixon, Justin" <Justin.Dixon@BBandT.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 31 Jan 2013 19:12:21 +0000
In-Reply-To: <20130131185256.GA78332@ak-labs.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: Carlos Kamtha [mailto:kamtha@ak-labs.net]
> Sent: Thursday, January 31, 2013 13:53
> To: Piotr
> Cc: nanog@nanog.org
> Subject: Re: box against dos/ddos
>
>
> Arbor Peakflow is probably the way to go.
>
> However if you don't want to spend a ton of money, you might
> want to consider using a stub router +bgp coupled with a server
> running the appropriate SNMP tools (perhaps cacti) to publish your desired
> data.
>
> It's not the most convenient solution but it should do..
>
> Cheers.
>
> -CK
>
> On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
> > Hi,
> >
> > I am looking for some box (vendor, model), which I can put out of the
> > main/product network, which can analyze packets netflow, sflow, syslog
> > from bgp router(s) and, after discovering some anomaly, can do some
> > action, for example:
> >
> > - Box has a bgp session with the bgp router and advertises the attacked
> > ip prefix with some community. Bgp router sets next-hop for this prefix
> > to /dev/null
> >
> > Normal traffic via bgp router is about 1G/s in and 10G/s out
> >
> > What is worth looking at and what do you suggest?
> >
> > thanks for help,
> > Piotr

Most larger ISPs offer this as a service that you can add on with existing
contracts. They usually guarantee up to a certain bandwidth level what they
will provide as "clean pipe service". Be advised most ISPs are only able to
scrub to L3, anything higher and you have to start looking at Verisign,
Prolexic or similar and/or something in house. Especially for SSL based
attacks.

Thanks.
Justin
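
Added example, not part of the thread or any vendor's code: a minimal sketch of the flow-to-blackhole loop Piotr describes, turning sampled flow records into BGP announcements tagged with a community the router maps to a discard next-hop. The threshold, the protected prefix, the next-hop, the use of the RFC 7999 BLACKHOLE community and the ExaBGP-style announce line are all assumptions; the flow records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for illustration; none of these values come from the thread.
THRESHOLD_BPS = 2_000_000_000              # per-host inbound rate treated as an anomaly
BLACKHOLE_COMMUNITY = "65535:666"          # RFC 7999 BLACKHOLE; router policy must match it
DISCARD_NEXT_HOP = "192.0.2.1"             # router statically routes this to its null interface
PROTECTED = [ip_network("198.51.100.0/24")]  # only prefixes we originate may be blackholed
INTERVAL_S = 60

# Constructed flow records for one interval: (dst_ip, sampled_bytes, sampling_rate).
SAMPLE_FLOWS = [
    ("198.51.100.10", 9_000_000, 1000),
    ("198.51.100.10", 9_000_000, 1000),
    ("198.51.100.20", 3_000_000, 1000),
    ("203.0.113.5", 30_000_000, 1000),     # high rate, but not our address space
]

def inbound_bps(flows, interval_s):
    """Scale sampled bytes back up and return bits per second per destination (IPv4)."""
    bits = defaultdict(int)
    for dst, sampled_bytes, sampling_rate in flows:
        bits[ip_address(dst)] += sampled_bytes * sampling_rate * 8
    return {dst: total / interval_s for dst, total in bits.items()}

def blackhole_commands(flows, interval_s, protected, threshold_bps=THRESHOLD_BPS):
    """Return one announce line per protected /32 whose inbound rate exceeds the threshold."""
    commands = []
    for dst, bps in sorted(inbound_bps(flows, interval_s).items()):
        if not any(dst in net for net in protected):
            continue  # never announce a blackhole for space we do not own
        if bps > threshold_bps:
            commands.append(
                f"announce route {dst}/32 next-hop {DISCARD_NEXT_HOP} "
                f"community [{BLACKHOLE_COMMUNITY}]"
            )
    return commands

if __name__ == "__main__":
    # A route-injection process would read these lines and send them to the router.
    for line in blackhole_commands(SAMPLE_FLOWS, INTERVAL_S, PROTECTED):
        print(line)
```

Blackholing the /32 drops all traffic to the attacked host, legitimate traffic included, so the check against PROTECTED and a withdrawal step once the rate falls are the parts to get right before wiring this to a live session.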