[j-nsp] Juniper Product against DDoS

Ben Dale bdale at comlinx.com.au
Tue Feb 18 17:12:20 EST 2014


So I had a tech session on the DDoS Secure product a while back and my takeaway was that it is targeted at the low'n'slow style of DDoS rather than volumetric attacks that products like Arbour et. al. assist with mitigating - at the end of the day, you position it logically in front of your servers/LB (it's a transparent bridge).

In drastically simplified terms, it uses a truck load of heuristics and other magic™ to determine whether requests to your infrastructure are machine-based or interactive, and then depending on whether traffic flows are in profile or not (servers under load etc.), reacts.  Webcrawlers and other "legit" machine traffic are also handled gracefully.

The technology behind it looks quite interesting, and coupled with WebApp Secure/Mykonos it is certainly a different take on the typical mod_secure/WAF story for any content providers.

It would be nice if product marketing had picked a slightly less evocative name though - when someone says DDoS, I'm sure most think instantly of pipe-filling packet storms.

Ben 

On 19 Feb 2014, at 1:06 am, Benoit Plessis <b.plessis at doyousoft.com> wrote:

> Le 18/02/2014 15:46, Samol a écrit :
>> Hi Experts,
>> 
>> Does Juniper provide any DDoS solution ? would you please recommend the
>> product line for this solution if there is?
>> 
>> thanks,
> 
> Hi,
> 
> No expert here but there is the DDoS Secure appliance on there sales
> list, something from
> a company recently bougth (http://www.webscreen-technology.com/).
> 
> It's a dell computer server hardware apparently, with a custom (up to
> where?) software.
> 
> I should receive one shortly so shall see ...
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp




More information about the juniper-nsp mailing list