Hi,


> I need to protect a "realtime" website with an inline IPS from (D)DOS
> attacks.



I'd keep in mind that the latest DDoS attacks are not limited to HTTP-based 
floods and use a variety of DDoS vectors to bring your website down. For 
instance, the DDoS from the Korean botnet - 
http://www.networkworld.com/news/2009/071009-korea-ddos-virus-mission-shifts.html
 - involved sending normal HTTP queries asking for an index page, SYN floods, 
UDP floods, IP proto floods etc. So the vendor probably needs to provide more 
comprehensive DDoS protection, not just HTTP flood protection.



> My dream appliance would be able to run like in a 7 day learning mode which
> counts max new sessions per second, max sessions per client aso. After this 7
> days it creates a filter with +x% of the learned values and sets these limits
> active.



I believe either Arbor Peakflow or Top Layer IPS 5500 do what you described and 
much more for DDoS. In our experience, Arbor is a little better at botnet 
protection and Top Layer is at DDoS and file-based attack protection. Both have 
pretty comprehensive security protection as well - MS vulnerabilities, 
attachments etc. Cisco and ISS are good, too, but not as flexible when it comes 
to DDoS analysis and support.



-JF
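
The learning mode described in the quoted question, as an added sketch that is not part of the original thread and not how any product named above works: it records the peak new sessions per second and the peak concurrent sessions per client over a learning window, then enforces those peaks plus x%. The event format, the function and class names, and the sample log are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed learning-window log: (timestamp_sec, client, "open" | "close").
LEARNING_EVENTS = [
    (0.1, "192.0.2.10", "open"), (0.4, "192.0.2.11", "open"),
    (0.8, "192.0.2.12", "open"), (1.2, "192.0.2.10", "open"),
    (2.0, "192.0.2.10", "close"), (2.5, "192.0.2.11", "close"),
    (3.1, "192.0.2.13", "open"), (3.6, "192.0.2.10", "open"),
]

def learn_baseline(events, margin_pct):
    """Return limits set to the learned maxima plus margin_pct percent (rounded up)."""
    new_per_sec, concurrent, peak_client = Counter(), defaultdict(int), 0
    for ts, client, kind in sorted(events, key=lambda e: e[0]):
        if kind == "open":
            new_per_sec[int(ts)] += 1
            concurrent[client] += 1
            peak_client = max(peak_client, concurrent[client])
        else:
            concurrent[client] = max(0, concurrent[client] - 1)
    peak_new = max(new_per_sec.values(), default=0)
    pad = lambda v: (v * (100 + margin_pct) + 99) // 100  # integer ceiling
    return {"max_new_sessions_per_sec": pad(peak_new),
            "max_sessions_per_client": pad(peak_client)}

class SessionLimiter:
    """Enforces the learned limits on new sessions once learning mode ends."""
    def __init__(self, limits):
        self.limits = limits
        self.second, self.new_this_second = None, 0
        self.open_sessions = defaultdict(int)

    def allow(self, ts, client):
        if int(ts) != self.second:  # new one-second bucket
            self.second, self.new_this_second = int(ts), 0
        if self.new_this_second >= self.limits["max_new_sessions_per_sec"]:
            return False
        if self.open_sessions[client] >= self.limits["max_sessions_per_client"]:
            return False
        self.new_this_second += 1
        self.open_sessions[client] += 1
        return True

    def close(self, client):
        self.open_sessions[client] = max(0, self.open_sessions[client] - 1)
```

Any flood traffic present during the learning window inflates the learned limits, and session counters like these do not address the SYN, UDP and IP protocol floods mentioned in the reply.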

