WANGuard is great for detection but WANFilter failed my tests. I couldn't filter a 700mbit SYN flood. The best it did was to completely block TCP/80. It uses netfilter to block Layer3 attacks.
It does have ACL support for some Intel NICs, but it doesn't use it near enough. -- Kate -----Original Message----- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Arzhel Younsi Sent: Monday, April 06, 2015 11:48 AM To: nanog@nanog.org Subject: Re: PoC for shortlisted DDoS Vendors Not an appliance but WanGaurd might be a good match as well. We're currently evaluating it. http://www.andrisoft.com/software/wanguard -- Arzhel On Fri, Apr 3, 2015, at 01:31, den...@justipit.com wrote: > You should include Radware on that list . > > ----- Reply message ----- > From: "Mohamed Kamal" <mka...@noor.net> > To: "NANOG" <nanog@nanog.org> > Subject: PoC for shortlisted DDoS Vendors > Date: Wed, Apr 1, 2015 9:51 AM > > In our effort to pick up a reasonably priced DDoS appliance with a > competitive features, we're in a process of doing a PoC for the > following shortlisted vendors: > > 1- RioRey > 2- NSFocus > 3- Arbor > 4- A10 > > The setup will be inline. So it would be great if anyone have done > this before and can help provide the appropriate tools, advices, or > the testing documents for efficient PoC. > > Thanks. > > -- > Mohamed Kamal > Core Network Sr. Engineer