[c-nsp] Any good Cisco (or other vendor) appliances for application server DDoS prevention?

Steve Bertrand steve at ibctech.ca
Mon Dec 21 20:23:11 EST 2009


Dobbins, Roland wrote:

> S/RTBH is definitely something I'd recommend as a good first step, 

...which in the case of a significant (relative) attack is enough to
mitigate the DoS long enough so you can get your upstream(s) to combat
it before it reaches you (looking at it from a 'small' operation).

Hopefully, the upstream(s) do S/RTBH, so they can blackhole the problem
for you after you've proven your case to them, while they work with you
to validate and combat the issue.

I've even heard of some 'upstream' providers offering a community, that
after you've proven yourself to have clue, will allow you to BH up to a
/29 within their network...

Steve

ps. this is looking at the issue from a standpoint that not all DDoSs
are bandwidth-saturating. Most that I've faced have not involved
bandwidth saturation, but denial of service via more strategic,
thoughtful and intriguing means.

