With these safeguards in place - and with flow devices being part of the mix somewhere .. what you propose is quite reasonable.
There's still the question of whether an application that receives a lot of new / untrusted traffic - a mail or web server - would benefit from having a stateful firewall in front .. Roland seems to think not. --srs On Tue, Jan 5, 2010 at 9:35 AM, Jeffrey Lyon <[email protected]> wrote: > 1. We have multiple nodes conducting DDoS scrubbing, one failing would not > be catastrophic. > > 2. Indeed. > > 3. Sort of, such devices are downstream for extremely valid reasons I won't > get into now. > > 4. Indeed, were equipped to handle substantially higher than 150kpps. > > I'm sure Arbor is really neat but I disagree that any DDoS appliance is a > standalone solution. I don't expect an employee of the vendor themselves to > attest to this though. -- Suresh Ramasubramanian ([email protected])
