DDoS protection recommendations

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: FugtruckLocation: Oklahoma, USA PostPosted: Thu Oct 28, 2010 10:19 pm    Post subject: DDoS protection recommendations
    ----
Any recommendations for something to protect against DDoS attacks, particularly those targeting DNS servers? I need something that is gigabit and preferably supports IPv6.

We currently have a pair of IPS/firewall devices that we really like and they do mitigate the attacks. But they are only 100Mb and we have been hit with floods of 400-800Mb that just overwhelm them, squashing all other traffic.

So we don't need some super duper all-in-one security appliance that will do everything including cook our breakfast for us. We just need to limit these high traffic bursts to a rate that our IPS devices can handle.

Author: Sgt_BLocation: Chicago, IL US PostPosted: Thu Nov 04, 2010 9:52 pm    Post subject:
    ----
There was a somewhat lengthy discussion on how to defend against DDoS attacks here. I'd suggest reading up on that for all the glorious details.

The bottom line is that defense against DDoS (line saturation) is more of a routing and architecture thing than a local appliance thing.



Networking/Security Forums -> Firewalls // Intrusion Detection - External Security


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group