[f-nsp] Serveriron as a part of DoS mitigation/reduction

Jimmy Stewpot mailers at oranged.to
Mon Mar 8 17:05:37 EST 2010


We have firewalls in place for the customers that have these problems. Unfortunately the attacks congest the entire session table and CPUs; even putting much larger firewalls in has had little to no effect on stopping or mitigating the DoS. I've been looking for some alternatives to stop the SYN/GET etc. floods before they get to the firewalls.


----- Original Message -----
From: "Jonathan Brashear" <jbrashear at SBSPlanet.com>
To: "Jimmy Stewpot" <mailers at oranged.to>, foundry-nsp at puck.nether.net
Sent: Tuesday, 9 March, 2010 12:50:33 AM
Subject: RE: [f-nsp] Serveriron as a part of DoS mitigation/reduction

IMO a good firewall is going to be significantly more well-prepared for blocking this kind of stuff than a load balancer, depending on your deployment.  Putting a firewall in front of a DNS server isn't a very good idea, but most other situations would call for the firewall over a LB.

Jonathan Brashear
Strategic Business Systems, Inc.
13800 Coppermine Road, Suite 400 | Herndon, VA 20171
Corporate: 703.766.8950 | Cell: 214.850.5986 
Please visit our web site at www.sbsplanet.com


-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Jimmy Stewpot
Sent: Sunday, March 07, 2010 5:18 PM
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] Serveriron as a part of DoS mitigation/reduction

Hello,

I am currently investigating various products in relation to developing a product around DoS mitigation/clean pipe style stuff. I am interested to know if anyone has any exposure to using the DoS mitigation features within the ServerIron product range, specifically the ADX.

We have been looking at having a range of different solutions to protect against the various different types of DoS attacks. So far we have the following primary attack types which our customers have faced over time.

- TCP SYN flood.
- HTTP GET Attacks.
- SMTP connection flooding.
- DNS 'storm'.

Given the nature of these attacks we have been looking at the possibility of having some load balancers and some 'secure proxies' which would help protect against the GET style attacks. For the SMTP stuff we have an internal SMTP cluster which we can route to, which can handle millions of concurrent connections.

I am keen to know what other people's experience in this area is like and if anyone can provide some feedback.

Regards,

Jimmy.