[177913] in North American Network Operators' Group


Re: Checkpoint IPS

daemon@ATHENA.MIT.EDU (Roland Dobbins)
Sun Feb 8 13:31:11 2015

X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 09 Feb 2015 01:26:30 +0700
In-Reply-To: <CADncWmF3zLmUbP+Drw3WgSsRBQ-xPR4u9z2r0v8KvgeCxZypwg@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org


On 8 Feb 2015, at 23:00, BPNoC Group wrote:

> Mr Dobbins' slides/presentation gives an idea that a proxy (waf, 
> whatever) fits sitting unprotected among routers and application 
> servers, while it's also stateful and fragile enough to deserve 
> previous protection.

from p.16 of the presentation in question:

'If stateful firewalls cannot be immediately removed from the 
architecture, they must be protected against DDoS via S/RTBH, flowspec, 
IDMS, et al., just like servers!'


from p.19 of the presentation in question:

'Load-balancers must be protected against DDoS - stateless ACLs for 
policy enforcement, S/RTBH, flowspec, IDMS, and so forth.'


from p.28 of the presentation in question:

'Reverse-proxy farms must be protected from DDoS via S/RTBH, flowspec, 
IDMS, et al.'

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>
