[j-nsp] Cisco vs Juniper confused
Roland Dobbins
rdobbins at arbor.net
Thu Apr 14 22:12:36 EDT 2016
On 15 Apr 2016, at 8:18, Satish Patel wrote:
> Router + BGP + ACL
Straight ACLs don't scale during an attack - you need to use flowspec
and S/RTBH.
> We are currently using Suricata IDS to detect DDoS which is really
> great Opensource software.
Take a look at flow telemetry - it's far more scalable, and gives you
traceback to the ingress point. There're several open-source flow
collection/analysis tools out there to help you get started.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the juniper-nsp
mailing list