
Strategies against DDoS

m.rainer
Level 1

Hello,

On the customer side we have a DDoS. It's a massive TCP SYN attack with bandwidth up to 500 MBit/s. Maybe the future will bring more than that bandwidth, who knows?

My question regarding that attack is: what is the best strategy against such attacks? We have been thinking about a Catalyst 6500 with a content engine module or Firewall Service Module. But the Firewall Service Module can do about 100,000 connections per second, and maybe that's not enough, I think.

Has anybody solved that problem before?

Thanks Markus

5 Replies

yusuff
Cisco Employee

For attacks like this you need tools/products such as Arbor Networks' (a Cisco development partner) anomaly detection system and/or Cisco's recent acquisition of Riverhead - a leading developer of security technology that protects against Distributed Denial of Service ("DDoS") attacks and other security threats in enterprise and service provider networks.

By comparing traffic flows to learned profiles of normal traffic patterns, behavior, and protocol compliance, these cutting-edge technologies can quickly and accurately identify and mitigate a broad range of known as well as previously unseen security attacks.

My 2 cents.

Yusuf
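The profile comparison described in the reply above, as an added Python example that is not part of the thread and not how the Arbor or Riverhead products are implemented. It learns a normal SYN rate and handshake completion ratio, then separates a legitimate surge from a SYN flood; the sample counts, the `k` and `ratio_slack` thresholds and all function names are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed per-second samples for one protected server:
# (SYNs received, three-way handshakes completed). Attack-free learning period.
BASELINE = [(410, 398), (385, 371), (440, 431), (402, 390), (395, 380), (428, 417)]

# Constructed samples to score: a quiet second, a busy sale, a spoofed SYN flood.
OBSERVED = [(430, 415), (2500, 2400), (150000, 420)]


def learn_profile(samples):
    """Learn the normal SYN rate and handshake completion ratio."""
    syn_rates = [syn for syn, _ in samples]
    ratios = [done / syn for syn, done in samples if syn]
    return {
        "syn_mean": mean(syn_rates),
        "syn_std": pstdev(syn_rates),
        "ratio_min": min(ratios),
    }


def classify(profile, syn, completed, k=6.0, ratio_slack=0.5):
    """Return 'normal', 'surge' (busy but handshakes complete) or 'syn_flood'."""
    # Volume check: is the SYN rate far above the learned baseline?
    limit = profile["syn_mean"] + k * max(profile["syn_std"], 1.0)
    if syn <= limit:
        return "normal"
    # Behaviour check: real clients finish the handshake, spoofed sources do not.
    ratio = completed / syn if syn else 1.0
    if ratio < profile["ratio_min"] * ratio_slack:
        return "syn_flood"
    return "surge"


def label_intervals(profile, samples):
    """Classify every (syn, completed) interval against the learned profile."""
    return [classify(profile, syn, done) for syn, done in samples]


if __name__ == "__main__":
    profile = learn_profile(BASELINE)
    for sample, label in zip(OBSERVED, label_intervals(profile, OBSERVED)):
        print(sample, label)
```

Volume alone would flag the busy second as an attack; the completion ratio is what tells the two high-rate intervals apart.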

Thanks a lot for your answer! I have some presentation materials about Riverhead. Because of the pricing strategy of Riverhead (and some other reasons like know-how...) I would prefer a Cisco-only solution (PIX 535, IDS, FWSM, content engine module with Catalyst 6500...)

Do you know a Cisco solution too?

The solution with Arbor Networks seems to be nice, but does that handle gigabit traffic too?

Thanks

Markus

Not applicable

Riverhead's technology is now Cisco Technology.

If you want a Cisco-only solution - well, there you go. Seriously though, the Guard (called the 5650 now?) is your only real choice to mitigate 500mb/sec DDoS attacks.

-D

Darrel Lewis

consulting engineer

dlewis@cisco.com

davecs
Level 1

Hi,

Really you should be worried about your internet pipe filling up - in which case there isn't a lot you can do about this - except contact your upstream providers and get them to block the offending hosts.

Cheers

Dave

mazlan.alatif
Level 1

Hi,

How about using RTBH? It works for me.