NoOther
Supreme [H]ardness
- Joined
- May 14, 2008
- Messages
- 6,468
Anyone here work with Arbor, Radware, or similar DDoS solutions?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
DDoS Products/Solutions
- Thread starter NoOther
- Start date
Soldier101
Gawd
- Joined
- Jan 8, 2002
- Messages
- 639
Nicklebon
Gawd
- Joined
- May 22, 2006
- Messages
- 982
Work closely with your ISP and get whatever sensor can tie into their mitigation. If you're attempting to mitigate a DDOS on your side of the circuit the battle is already lost.
This is good advice. Your ISP can do this far better than you can.
NoOther
Supreme [H]ardness
- Joined
- May 14, 2008
- Messages
- 6,468
Actually no they cannot, but we do use the ISP as part of the solution.
If they did i would be surprised if they said anything out in the open
You mean as opposed to the many other sites where people openly talk about it? DDoS is a pretty common thing these days, that is like saying people wouldn't openly talk about firewalls or anti-virus.
Circuit side mitigation is not something you want to rely on. This may work for very sensitive applications that need scrubbed data to not crash (Minecraft comes to mind) without the pipe being saturated.. If your pipe is saturated, it doesn't matter what is on your end of it.
Arbor is essentially a cloud scrubber and works rather well. I've used it for a 9gbit DDoS.
You have know *exactly* what you want to block, or you are going to have downtime for real customers. Depending on your industry that is an SLA-level event which is bad news bears.
Arbor is essentially a cloud scrubber and works rather well. I've used it for a 9gbit DDoS.
You have know *exactly* what you want to block, or you are going to have downtime for real customers. Depending on your industry that is an SLA-level event which is bad news bears.
NoOther
Supreme [H]ardness
- Joined
- May 14, 2008
- Messages
- 6,468
Let me clarify, I know exactly what and why I need these devices. What I am looking for is people who are currently using them.
We have an Arbor Networks Peakflow SP unit that I priced and installed ~6 months ago. It receives netflow statistics from our edge peering routers and not only gives usage information but when it detects the start of a DDoS attack(usually within 15-30 seconds of the attack starting). It will trigger an alarm and notify me as well as trigger a blackhole BGP route and inject it into our routers. On our routers we have rules so that any BGP route that comes in from the Peakflow unit gets taken and sent to our upstream providers with the blackhole route community thereby stopping the traffic from hitting our network at all. That single /32 IP is offline but it's much better than taking down all of my customers and our network.
NoOther
Supreme [H]ardness
- Joined
- May 14, 2008
- Messages
- 6,468
Arbor is what we use now, trying to get some impressions on the other players out there. From what I understand reading here and there this is what it seems to boil down to:
Top Tier
1) NSFOCUS
2) Arbor
Next Tier
3) Radware
4) RioRey
Mostly I want to find someone who has some experience with the other solutions in comparison to Arbor.