[81077] in North American Network Operators' Group
Re: IDS/DDOS prevention hardware that doesnt cost $80,000+?
daemon@ATHENA.MIT.EDU (trainier@kalsec.com)
Wed May 25 10:34:10 2005
In-Reply-To: <B9ECBF8D89E7684EB63FF250E8788B191194D1@BIGLOG.thenap.com>
To: nanog@merit.edu
From: trainier@kalsec.com
Date: Wed, 25 May 2005 10:29:57 -0400
Errors-To: owner-nanog@merit.edu
This is a multipart message in MIME format.
--=_alternative 004FFE548525700C_=
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Any firewall/router that supports ratelimiting should suffice for most=20
DDoS mitigation tactics. A program called snort (layer 7 content=20
filtering) should take care of
most of your IDS needs as well.=20
"Drew Weaver" <drew.weaver@thenap.com>=20
Sent by: owner-nanog@merit.edu
05/25/2005 10:45 AM
To
<nanog@merit.edu>
cc
Subject
IDS/DDOS prevention hardware that doesnt cost $80,000+?
I?m wondering if there is such an animal out there? All of the =
ones I have seen are made for the multi-gigabit service provider there=20
aren?t any for the smaller mid-rangers out there. Can anyone suggest=20
anything that we can put in place? The attacks we?re seeing are just a=20
huge influx of PPS not so much the amount of bandwidth.
=20
Offlist to keep chatter low is fine with me.
=20
Sorry to be a bother,
=20
-D
=20
=20
--=_alternative 004FFE548525700C_=
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
<br><font size=3D2 face=3D"sans-serif">Any firewall/router that supports ra=
telimiting
should suffice for most DDoS mitigation tactics. A program called
snort (layer 7 content filtering) should take care of</font>
<br><font size=3D2 face=3D"sans-serif">most of your IDS needs as well. &nbs=
p;</font>
<br>
<br>
<br>
<table width=3D100%>
<tr valign=3Dtop>
<td width=3D40%><font size=3D1 face=3D"sans-serif"><b>"Drew Weaver&quo=
t;
<drew.weaver@thenap.com></b> </font>
<br><font size=3D1 face=3D"sans-serif">Sent by: owner-nanog@merit.edu</font>
<p><font size=3D1 face=3D"sans-serif">05/25/2005 10:45 AM</font>
<td width=3D59%>
<table width=3D100%>
<tr>
<td>
<div align=3Dright><font size=3D1 face=3D"sans-serif">To</font></div>
<td valign=3Dtop><font size=3D1 face=3D"sans-serif"><nanog@merit.edu>=
</font>
<tr>
<td>
<div align=3Dright><font size=3D1 face=3D"sans-serif">cc</font></div>
<td valign=3Dtop>
<tr>
<td>
<div align=3Dright><font size=3D1 face=3D"sans-serif">Subject</font></div>
<td valign=3Dtop><font size=3D1 face=3D"sans-serif">IDS/DDOS prevention har=
dware
that doesnt cost $80,000+?</font></table>
<br>
<table>
<tr valign=3Dtop>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=3D2 face=3D"Arial">
I’m wondering if there is such an animal out there? All of the ones I
have seen are made for the multi-gigabit service provider there aren’t
any for the smaller mid-rangers out there. Can anyone suggest anything
that we can put in place? The attacks we’re seeing are just a huge in=
flux
of PPS not so much the amount of bandwidth.</font>
<br><font size=3D2 face=3D"Arial"> </font>
<br><font size=3D2 face=3D"Arial">Offlist to keep chatter low is fine with
me.</font>
<br><font size=3D2 face=3D"Arial"> </font>
<br><font size=3D2 face=3D"Arial">Sorry to be a bother,</font>
<br><font size=3D2 face=3D"Arial"> </font>
<br><font size=3D2 face=3D"Arial">-D</font>
<br><font size=3D2 face=3D"Arial"> </font>
<br><font size=3D2 face=3D"Arial"> </font>
<br>
--=_alternative 004FFE548525700C_=--
