[c-nsp] Any good Cisco (or other vendor) appliances for application server DDoS prevention?
Barry Raveendran Greene
bgreene at senki.org
Mon Dec 21 22:03:50 EST 2009
> Dobbins, Roland wrote:
>
> > S/RTBH is definitely something I'd recommend as a good first step,
>
> ...which in the case of a significant (relative) attack is enough to
> mitigate the DoS long enough so you can get your upstream(s) to combat
> it before it reaches you (looking at it from a 'small' operation).
>
> Hopefully, the upstream(s) do S/RTBH, so they can blackhole the problem
> for you after you've proven your case to them, while they work with you
> to validate and combat the issue.
For those who are wondering what S/RTBH is all about, check out the tutorial
given at NANOG:
My post with PPT slides: http://www.senki.org/?p=696
The NANOG Link
http://www.nanog.org/meetings/nanog47/abstracts.php?pt=MTQ0NCZuYW5vZzQ3&nm=nanog47
It has information on how D/RTBH and S/RTBH are used - as well as BGP
Shunts, Sink Holes, etc. Enterprise networks should take the time to know
what their upstream provider can do for them in a DDoS emergency.
> I've even heard of some 'upstream' providers offering a community, that
> after you've proven yourself to have clue, will allow you to BH up to a
> /29 within their network...
"Customer Triggered RTBH." Works well in several SP networks.