05-02-2004 11:39 PM - edited 03-09-2019 07:15 AM
Hello,
On the customer side we have a DDoS. It's a massive TCP SYN attack with bandwidth up to 500 MBit/s. Maybe the future will bring more than that bandwidth, who knows?
My question regarding that attack is: what is the best strategy against such attacks? We have been thinking about a Catalyst 6500 with a content engine module or Firewall Service Module. But the Firewall Service Module can do about 100,000 connections per second, and maybe that's not enough, I think.
Has anybody solved that problem before?
Thanks Markus
05-02-2004 11:50 PM
For attacks like this you need tools/products such as Arbor Networks' (a Cisco development partner) anomaly detection system and/or Cisco's recent acquisition of Riverhead - a leading developer of security technology that protects against Distributed Denial of Service ("DDoS") attacks and other security threats in enterprise and service provider networks.
By comparing traffic flows to learned profiles of normal traffic patterns, behavior, and protocol compliance, this cutting-edge technology can quickly and accurately identify and mitigate a broad range of known as well as previously unseen security attacks.
my 2 cents.
Yusuf
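The profile comparison described in the reply above, reduced to one signal (SYN count and handshake completion per destination), as an added example that is not part of the original thread and is not Arbor's or Riverhead's algorithm. The field names, thresholds and sample counts are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Sample:
    dst: str          # protected destination (RFC 5737 documentation address)
    syn: int          # SYN packets seen in one measurement interval
    established: int  # handshakes completed in the same interval

def learn_profile(history):
    """Build a per-destination profile from intervals assumed to be attack-free."""
    by_dst = {}
    for s in history:
        by_dst.setdefault(s.dst, []).append(s)
    profile = {}
    for dst, rows in by_dst.items():
        counts = [r.syn for r in rows]
        ratios = [r.established / r.syn for r in rows if r.syn]
        profile[dst] = {
            "syn_mean": mean(counts),
            "syn_std": pstdev(counts),
            "min_completion": min(ratios) if ratios else 0.0,
        }
    return profile

def is_anomalous(profile, s, k=4.0, floor=50):
    """True when the SYN count is far above the learned mean AND handshakes stop
    completing. Volume alone is not enough: a legitimate traffic spike still
    completes its handshakes, a SYN flood does not."""
    p = profile.get(s.dst)
    if p is None:
        return False  # no learned baseline for this destination, nothing to compare
    threshold = p["syn_mean"] + max(k * p["syn_std"], floor)
    completion = s.established / s.syn if s.syn else 1.0
    return s.syn > threshold and completion < 0.5 * p["min_completion"]

# Constructed baseline: five normal intervals for one protected server.
HISTORY = [Sample("192.0.2.10", syn, est) for syn, est in
           [(900, 855), (1000, 960), (1100, 1040), (950, 910), (1050, 1000)]]
PROFILE = learn_profile(HISTORY)

if __name__ == "__main__":
    for label, s in [("normal", Sample("192.0.2.10", 1020, 970)),
                     ("busy but legitimate", Sample("192.0.2.10", 5000, 4700)),
                     ("SYN flood", Sample("192.0.2.10", 120000, 900))]:
        print(f"{label:20s} anomalous={is_anomalous(PROFILE, s)}")
```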
05-03-2004 01:51 AM
Thanks a lot for your answer! I have some presentation materials about Riverhead. Because of the pricing strategy of Riverhead (and some other reasons like know-how...) I would prefer a Cisco-only solution (PIX 535, IDS, FWSM, content engine module with Catalyst 6500...)
Do you know a Cisco solution too?
The solution with Arbor Networks seems to be nice, but does that handle gigabit traffic too?
Thanks
Markus
05-03-2004 02:31 AM
Riverhead's technology is now Cisco Technology.
If you want a Cisco-only solution - well, there you go. Seriously though, the Guard (called the 5650 now?) is your only real choice to mitigate 500mb/sec DDoS attacks.
-D
Darrel Lewis
consulting engineer
06-30-2004 09:30 PM
hi,
Really, you should be worried about your internet pipe filling up - in which case there isn't a lot you can do about this, except contact your upstream providers and get them to block the offending hosts.
cheers
dave
12-28-2004 06:18 PM
Hi,
How about using RTBH? It works for me.