Hi Avi,

The big problem I had with RadWare DefensePro (this was about a year ago), was that I couldn't set the SYN cache timeout to anything less than 3 seconds. As the cache could only hold 64,000 SYNs, any SYN Flood larger than 64,000/3 = 21,333 SYN/s would completely fill the cache. This spelt disaster every time a SYN flood hit the network, as invalid SYNs filled up the cache, leaving no space for new, legitimate connections to be set up. True, the SYN Flood was mitigated, but at the expense of any new connections (existing ones were preserved), which is generally bad if you're dealing with critical applications and web presences.

I would love to hear from RadWare as to whether or not this limitation has actually been fixed, and if it has, how their new technology now fares against the more mature mitigation products such as TopLayer and Riverhead.

Rgds,
Matt

--- avi chesla <[EMAIL PROTECTED]> wrote:

> Hi, You should also consider Radware's DefensePro with their new
> behavioral based DDoS protection.
>
> Avi
>
> >From: Devdas Bhagat <[EMAIL PROTECTED]>
> >Reply-To: Devdas Bhagat <[EMAIL PROTECTED]>
> >To: [email protected]
> >Subject: Re: Denial of Service: Commercial Defense products
> >Date: Thu, 24 Nov 2005 21:59:41 +0530
> >
> >On 22/11/05 16:43 +0700, Ogle wrote:
> > > Hi,
> > > I have an ISP customer who wants to protect their network and their
> > > subscriber's network.
> > > In "Internet Denial of Service: Attack and Defense Mechanisms" book, I
> > > noticed 7 commercial products.
> > > 1. Mazu Enforcer by Mazu Networks
> > > 2. Peakflow by Arbor Networks
> > > 3. WS Series Appliances by Webscreen Technologies
> > > 4. Captus IPS by Captus Networks
> > > 5. MANAnet Shield by CS3
> > > 6. Cisco Traffic Anomaly Detector XT and Cisco Guard XT
> > > 7. StealthWatch by Lancope
> > >
> > > Since I'm new with this type of products, is there any reference out
> > > there to help me choose the right solution to my customer ?
> > > Is there any problem if I use IPS (ie: TippingPoint, McAfee) for this
> > > solution ?
> >
> >What kind of DoS? Is this a simple packet flooding choking the pipe? Is
> >this an application layer attack? Syn floods? Physical damage to links?
> >
> >Devdas Bhagat
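
The capacity arithmetic in the message above (64,000 cache entries, 3 second timeout) can be turned into a small sizing model. This is an added example, not part of the original thread and not a description of any vendor's implementation; the legitimate connection rate, the 100 ms round-trip time and the drop-when-full behaviour are assumptions of the model.

```python
from collections import deque

def saturation_rate(cache_size, timeout_s):
    """Sustained rate of never-completed SYNs that keeps the cache full."""
    return cache_size / timeout_s

def legit_admit_fraction(flood_rate, legit_rate=1000, cache_size=64000,
                         timeout_s=3.0, rtt_s=0.1, periods=3, tick_s=0.01):
    """Fraction of legitimate SYNs that find a free cache slot.

    Model assumptions (constructed, not vendor behaviour): a full cache
    drops new SYNs, flood entries sit until the timeout, legitimate
    entries leave after one round trip when the handshake completes.
    """
    t_ticks = round(timeout_s / tick_s)
    r_ticks = round(rtt_s / tick_s)
    flood_q, legit_q = deque(), deque()   # (expiry_tick, entries)
    occupied = offered = accepted = 0.0
    f, l = flood_rate * tick_s, legit_rate * tick_s
    for tick in range(t_ticks * (periods + 1)):
        for q in (flood_q, legit_q):      # free expired or completed entries
            while q and q[0][0] <= tick:
                occupied -= q.popleft()[1]
        admitted = max(0.0, min(cache_size - occupied, f + l))
        share = admitted / (f + l)        # drops hit both kinds equally
        flood_q.append((tick + t_ticks, f * share))
        legit_q.append((tick + r_ticks, l * share))
        occupied += admitted
        if tick >= t_ticks:               # skip the initial fill-up period
            offered += l
            accepted += l * share
    return accepted / offered

if __name__ == "__main__":
    print(f"saturation at {saturation_rate(64000, 3):,.0f} SYN/s")
    for rate in (10_000, 21_333, 50_000, 100_000):
        print(f"{rate:>7,} SYN/s flood -> "
              f"{legit_admit_fraction(rate):.1%} of new connections admitted")
```

Changing `timeout_s` or `cache_size` shows how far each knob moves the saturation point when evaluating a mitigation device against an expected flood rate.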
