
ddos protection

carl_townshend

Hi all

Can anyone tell me the following:

Can firewalls and IPS stop DDOS attacks? I see they can do basic protection, SYN floods etc., but they aren't specifically designed to do so? Is this correct?

Where would we best place these DDOS devices, in front of the firewall or ISP router?

How do they work, do they absorb and let through the legitimate traffic?

Cheers

 


shinumathew123

Hi Carl,

Cisco ASA has an option to protect from DDOS attacks.

You have to create embryonic connection settings in the ASA.

The link below will guide you through the configuration:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/conns_connlimits.pdf

 

Regards,

Shinu Kuruvila
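
The embryonic connection settings mentioned in the reply above, as an added example that is not part of the original thread and is not copied from the linked guide: an ASA Modular Policy Framework configuration that caps half-open TCP connections to one published server. The ACL, class-map and policy-map names, the server address 203.0.113.10 and all numeric limits are assumptions; size the limits from the server's normal connection rate.

```cisco
! Added example. Names, address and limits are assumed values, not from the thread.
! Select the traffic to protect: inbound TCP to the published web server.
access-list ACL_WEB_PROTECT extended permit tcp any host 203.0.113.10 eq www
access-list ACL_WEB_PROTECT extended permit tcp any host 203.0.113.10 eq https

class-map CM_WEB_PROTECT
 match access-list ACL_WEB_PROTECT

policy-map PM_OUTSIDE_IN
 class CM_WEB_PROTECT
  ! embryonic-conn-max: total half-open connections allowed to the server.
  ! Above this the ASA answers SYNs itself (TCP intercept) instead of
  ! passing them to the server.
  ! per-client-embryonic-max: half-open connections allowed per source IP.
  set connection embryonic-conn-max 1000 per-client-embryonic-max 50
  ! Age out half-open connections quickly so table entries are reclaimed.
  set connection timeout embryonic 0:00:10

! Apply the policy to traffic arriving on the outside interface.
service-policy PM_OUTSIDE_IN interface outside
```

`show service-policy interface outside` displays the configured limits with the current embryonic connection count, which helps when tuning the values. These limits protect the server's connection table only; they do nothing once the upstream link itself is full.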

Hi,

I think as you pointed out an actual DDOS attack would be very hard to stop against any firewall.

In most DDOS cases, we recommend having the attacking port or IPs blocked on the ISP end.

It is always preferred to have the DDOS protection upstream to the ASA device as that will prevent those packets from even reaching the ASA device and causing this issue. I would recommend placing it somewhere between the ISP and ASA device.

Thanks and Regards,

Vibhor Amrodia

Hi

Which company can provide that device? Will Juniper UTM work?

Arbor View PeakFlow are used to mitigate DOS & DDOS attacks.

You are right that the ASA has only minimal protection against DDOS. There are specialized devices available, but I think that Cisco doesn't have anything in the portfolio any more. Some time ago there was the Cisco Guard XT, but that is EOS/EOL.

If you are having problems with DDOS, the only one that really can help you is your provider. Whatever device you place into your network, they all can't help if your internet-link is completely saturated.
