On Sat, Jul 30, 2016 at 11:05:48PM -0500, Brady Kittel wrote:
> I worked at a shop for a while that used Arbor networks solution
> with good success. From what I recall it requires the upstream
> carrier to support it so you'd have to see if yours do.
I replied offlist to the OP.
There are so many ways to operate denial of service attacks. Some of
them are bandwidth eating (ICMP, SYN, UDP flooding), some of them
attack the assets (HTTP slow accept, high fake query/request,
etc). Each of these needs a slightly different approach.
Arbor Networks works quite well if both ends have it - very true and
also very, very expensive.
F5 has stuff built in to protect assets but also can be very
Fortigate firewalls have some decent stuff in them for relegating
throughput and dropping bad traffic at the edge but will require some
tuning. IPS/IDS is quite good as well. But once the traffic is at your
edge, and the attack is to burn your bandwidth, you've already
lost. But if application attacks are going on then FGT can help.
CloudFlare moves the endpoint into their network and have come a long
way since I first learned of them. Think of it as a reverse proxy for
HTTP-type termination and your global DNS server.
There are so many things that can help mitigate depending on the type
of attack - that needs to be determined :)
Mike Horwath, reachable via [log in to unmask]