[c-nsp] Opinions of DDoS appliances, other techniques, most notably Cisco Guard

Drew Weaver drew.weaver at thenap.com
Sun Mar 15 11:54:02 EDT 2009


Does anyone here have any real-world experience with Cisco Guard or other products such as Arbor's Peakflow that they can share?

If you've tried multiple systems and ended up with a specific one, please share the reasoning behind it.

Also, without a dedicated DDoS system deployed, what is the most reliable/fastest way to determine the destination(s) of the attacks (SNMP, NetFlow, etc)?

Any particular software tools which are helpful for detecting this? NetFlow for us has been slightly difficult to use for this task, mainly because we haven't found software that is really designed for security rather than performance (would be nice if it did both?)

Both systems/techniques that automatically mitigate and systems that simply recommend mitigation steps/alert are being evaluated.

By mitigation I mean null routing sources, null routing destinations upstream (via communities), et cetera.

Any opinions would be helpful; we'd need something that will handle 3-6Gbps and is hopefully vertically scalable.

