[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

D/DoS mitigation hardware/software needed.

Subject: D/DoS mitigation hardware/software needed.
From: marquis at roble.com (Roger Marquis)
Date: Sat, 9 Jan 2010 19:05:07 -0800 (PST)
In-reply-to: <[email protected]>
References: <[email protected]>

Dobbins, Roland wrote:
>> Firewalls are not designed to mitigate large scale DDoS, unlike
>> Arbors, but they do a damn good job of mitigating small scale
>> attacks of all kinds including DDoS.
> 
> Not been my experience at all - quite the opposite.

Ok, I'll bite.  What firewalls are you referring to?

>> Their CAM tables, realtime ASICs and low latencies are very
>> much unlike the CPU-driven, interrupt-bound hardware and
>> kernel-locking, multi-tasking software on a typical web server.
>> IME it is a rare firewall that doesn't fail long, long after
>> (that's after, not before) the hosts behind them would have
>> otherwise gone belly-up.
> 
> Completely incorrect on all counts.

So then you're talking about CPU-driven firewalls, without ASICs e.g.,
consumer-level gear?  Well, that would explain why you think they fail
before the servers behind them.

>I've been a sysadmin

Have you noticed how easily Drupal servers go down with corrupt MyISAM
tables?  How would S/RTBH and/or flow-spec protect against that?

Roger Marquis

Follow-Ups:
- D/DoS mitigation hardware/software needed.
  - From: rdobbins at arbor.net (Dobbins, Roland)

Prev by Date: JunOS remote DoS code has been posted to FD
Next by Date: he.net down/slow?
Previous by thread: D/DoS mitigation hardware/software needed.
Next by thread: D/DoS mitigation hardware/software needed.
Index(es):
- Date
- Thread