[c-nsp] Cisco Guard & the detection/mitigation modules for the 6500
Swaroop Potdar
Swaroop.Potdar at Corliant.com
Mon Oct 2 17:17:54 EDT 2006
Well, for the statement used,
"over buying bandwidth is not a proper solution to the problem of DDoS
attacks."
For this to be achieved, the detection modules need to be deployed in a distributed manner,
and the Guard could be in a centralized place. So ideally what happens is when the detectors
sense a traffic anomaly they plug in a route towards the Guard and the Guard examines it further with its inbuilt
anomaly signatures. If the traffic has some matches, it's black holed. And if it's good traffic, it gets sent back to the original destination.
In this way we are effectively diverting the traffic from the affected site, thereby reducing oversubscription of bandwidth on the link towards that PoP or site. And by centrally examining that traffic first before sending it to the original destination.
HTH-Cheers,
Swaroop
-----Original Message-----
From: Drew Weaver [mailto:drew.weaver at thenap.com]
Sent: Tue 10/3/2006 2:38 AM
To: cisco-nsp at puck.nether.net
Cc:
Subject: [c-nsp] Cisco Guard & the detection/mitigation modules for the 6500
Hi there, I am looking for first-hand experience on the Cisco Guard
products, as well as any opinions on the anomaly line of service cards
for the 6500 series switch.
I've read the Cisco marketing on the products and it states that "over
buying bandwidth is not a proper solution to the problem of DDoS
attacks." However, I am not certain how any hardware is going to prevent
transit lines from being flooded before it reaches your edge interface.
Does anyone have any idea how and if these products work?
Thanks,
-Drew
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/