[c-nsp] Any good Cisco (or other vendor) appliances for application server DDoS prevention?

Dobbins, Roland rdobbins at arbor.net
Mon Dec 21 18:44:17 EST 2009


On Dec 22, 2009, at 2:39 AM, Drew Weaver wrote:

> I'm currently searching for a firewall appliance which can also handle application server DDoS mitigation on a small scale (not network wide).

Firewalls are policy-enforcement devices and don't offer DDoS mitigation capabilities, marketing claims aside.  Firewalls are DDoS chokepoints, and have no place in front of servers, as 'stateful inspection' makes no sense whatsoever when every inbound packet is unsolicited in the first place, heh.

Before going and buying a dedicated DDoS mitigation system from any vendor, it's generally a good idea to ensure one's leveraging the existing capabilities of one's existing infrastructure.  S/RTBH is definitely something I'd recommend as a good first step, prior to spending any additional monies.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

    Injustice is relatively easy to bear; what stings is justice.

                        -- H.L. Mencken




