Look at the products from RioRey (www.riorey.com). IMHO I think their technology is much better than some of the other players out here.
On 11/08/2014 07:10 PM, Eric C. Miller wrote: > Today, we experienced (3) separate DDoS attacks from Eastern Asia, all > generating > 2Gbps towards a single IP address in our network. All 3 attacks > targeted different IP addresses with dst UDP 19, and the attacks lasted for > about 5 minutes and stopped as fast as they started. > > Does anyone have any suggestions for mitigating these type of attacks? > > A couple of things that we've done already... > > We set up BGP communities with our upstreams, and tested that RTBH can be set > and it does work. However, by the time that we are able to trigger the black > hole, the attack is almost always over. > > For now, we've blocked UDP 19 incoming at our edge, so that if future, > similar attacks occur, it doesn't affect our internal links. > > What I think that I need is an IDS that can watch our edge traffic and > automatically trigger a block hole advertisement for any internal IP > beginning to receive > 100Mbps of traffic. A few searches are initially > coming up dry... > > > > Eric Miller, CCNP > Network Engineering Consultant > (407) 257-5115 > > > > -- Joe Chisolm Computer Translations, Inc. Marble Falls, Tx. 830-265-8018 Public Key Available at www.sks-keyservers.net