> This sounds like a different model to me. Kentik I think averages out around
> $500 per 10G per month
I was talking about Imperva
Phil,
This sounds like a different model to me. Kentik I think averages out
around $500 per 10G per month. Kentik doesn't do any scrubbing however.
Does anyone have guide to DDoS services? Seems like there is a wide array
of pricing and technology options.
On Tue, Feb 4, 2020 at 7:50 AM Phil Lavi
Hopefully you would be sending those flows out a different circuit than the one
that’s going to get swamped with a DDoS otherwise... it might just take a while
to mitigate that ;-) depending on the type obviously.
--
J. Hellenthal
The fact that there's a highway to Hell but only a stairway to
If you are looking for remote scrubbing, I can high recommend DDoS-Guard
(ddos-guard.com), they do not have any “limits” on the size or the number of
attacks, the billing is simply based on the clean bandwidth. The highest they
have mitigated for us is about 40G. You can either have it in an alw
> So is Imperva similar to how Kentik operates? What was it priced liked?
It is a nice model as you don't need additional hardware or virtual appliances
on-prem, which cuts down on the CAPEX cost. Like everyone else, they price the
scrubbing based on your clean traffic levels. Price I have is ci
Javier,
So is Imperva similar to how Kentik operates? What was it priced liked? I
like the Kentik solution, but their per router per month pricing is too
expensive even for a small network.
On Mon, Feb 3, 2020 at 11:01 AM Javier Juan wrote:
> Hi !
>
> I was looking around (a couple years ago)
Hi !
I was looking around (a couple years ago) for mitigation appliances
(Riorey, Arbor, F5 and so on) but the best and almost affordable
solution I found was Incapsula/Imperva.
https://docs.imperva.com/bundle/cloud-application-security/page/introducing/network-ddos-monitoring.htm
Basically,
Check out Wanguard
--
Dmitry Sherman
From: NANOG on behalf of Colton Conor
Date: Wednesday, 29 January 2020 at 0:47
To: Mike
Cc: NANOG
Subject: Re: Recommended DDoS mitigation appliance?
Mike,
What did you end up going with if not fastnetmon? Were you using their paid or
free version
Mike,
The free trial is the paid version right? Just was wondering if you use the
community or advanced paid version.
On Wed, Jan 29, 2020 at 4:38 PM Mike wrote:
> I had intended to use the paid version once the 'free trial' proved to
> work, but for the previously mentioned reasons it did not
I had intended to use the paid version once the 'free trial' proved to
work, but for the previously mentioned reasons it did not and I gave up.
Would still love to have this style of solution in my network and still
open to other solutions, just haven't really found anything else.
On 1/28/20
Mike,
What did you end up going with if not fastnetmon? Were you using their paid
or free version?
On Thu, Dec 5, 2019 at 4:45 PM Mike wrote:
>
> On 12/5/19 1:43 PM, Hugo Slabbert wrote:
> >> FastNetMon is awesome, but its a detection tool with no mitigation
> >> capacity whatsoever.
> >
> > Do
On 12/5/19 1:43 PM, Hugo Slabbert wrote:
FastNetMon is awesome, but its a detection tool with no mitigation
capacity whatsoever.
Does is not, though, provide the ability to hook into RTBH or Flowspec
setups?
Yes it does provide RTBH hook.
I evaluated fastnetmon using exactly the 'quick
Peace,
On Fri, Dec 6, 2019, 12:44 AM Hugo Slabbert wrote:
> >FastNetMon is awesome, but its a detection tool with no mitigation
> >capacity whatsoever.
>
> Does is not, though, provide the ability to hook into RTBH or Flowspec
> setups?
>
Flowspec is enabled upstream, as previously prophecied.
FastNetMon is awesome, but its a detection tool with no mitigation
capacity whatsoever.
Does is not, though, provide the ability to hook into RTBH or Flowspec
setups?
--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
On Thu 2019-Dec-05 10:31:3
FastNetMon is awesome, but its a detection tool with no mitigation capacity
whatsoever.
On Wed, Dec 4, 2019 at 7:16 PM Rabbi Rob Thomas wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hello, NANOG!
>
> My thanks again to all who responded with suggestions, tips, and
> further cons
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello, NANOG!
My thanks again to all who responded with suggestions, tips, and
further considerations. I appreciate it very much!
As promised, here is my pithy summary of your detailed suggestions.
I've included URLs for those who may wish to cond
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello, NANOG!
Thank you to all who have generously given your time to respond
publicly and privately. I have a long list of things to research
while configuring our shiny new Juniper routers. :) I'll summarize
to the list shortly.
Be well!
Rob,
It's a logical evolution as botnets became less of a tool for lulz and more
of a economic asset to certain segments of the world.
No sense launching an orbital strike where a garden hose will do the job
just as well.
On Mon, Nov 18, 2019 at 9:05 AM Tom Hill wrote:
> On 18/11/2019 13:50, Mike Ha
Hi Rabbi,
a PoC quite a while ago with RioRey worked quite satisfying but we are
working with Arbor since a couple of years. It works okay and is
insanely expensive. Mostly because of the price I wouldn't recommend it
but I'm not sure if there is anything in the market technically on the
same lev
Peace,
On Mon, Nov 18, 2019, 4:51 PM Mike Hammett wrote:
> I would like the list to know that not all targets attract such large
> attacks.
>
It is not that easily predictable. E.g. in case of reflection DDoS
sometimes even the attacker has no good idea of how much of traffic s/he is
generatin
On 18/11/2019 13:50, Mike Hammett wrote:
> I would like the list to know that not all targets attract such large
> attacks. I know many eyeball ISPs that encounter less than 10 gig
> attacks, which can be reasonably absorbed\mitigated. Online gamers
> looking to boot someone else from the game aren
gigs of resources to an attack.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
Midwest-IX
http://www.midwest-ix.com
- Original Message -
From: "Rabbi Rob Thomas"
To: nanog@nanog.org
Sent: Sunday, November 17, 2019 4:18:57 PM
Subject: Recommend
Correct statement. You forgot one zero.
On Mon, Nov 18, 2019 at 10:48 AM Denys Fedoryshchenko <
nuclear...@nuclearcat.com> wrote:
> On 2019-11-18 04:23, Richard wrote:
> > I would say you are making some assumptions that are not fact based.
> > The OP is very knowledgeable and would not mince wo
On 2019-11-18 04:23, Richard wrote:
I would say you are making some assumptions that are not fact based.
The OP is very knowledgeable and would not mince words or waste
bandwidth. Let us see what he has to say in regards to your remarks.
He will be able to make this more clear once he has read wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Töma,
> Potential miscreants today should be assumed to have much more to
> show you even on a daily basis.
Oh, indeed! :)
> Is it like you also have something filtering upstream for you,
> e.g. flowspec-enabled peers?
That is correct.
Be
Peace,
On Mon, Nov 18, 2019, 5:25 AM Richard wrote:
> The OP is very knowledgeable and would not mince words or waste bandwidth.
>
Sure, I totally assume that. I just feel I might offer a better advice
once I see the big picture.
--
Töma
>
I would say you are making some assumptions that are not fact based. The
OP is very knowledgeable and would not mince words or waste bandwidth.
Let us see what he has to say in regards to your remarks. He will be
able to make this more clear once he has read what people have stated in
other respons
Peace,
On Mon, Nov 18, 2019, 1:49 AM Rabbi Rob Thomas wrote:
> > I am going to assume you want it to spit out 10G clean, what size
> > dirty traffic are you expecting it to handle?
>
> Great question! Let's say between 6Gbps and 8Gbps dirty.
>
As someone making a living as a DDoS mitigation en
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Ryan,
> I am going to assume you want it to spit out 10G clean, what size
> dirty traffic are you expecting it to handle?
Great question! Let's say between 6Gbps and 8Gbps dirty.
Thank you!
Rob.
> On Nov 17 2019, at 2:18 pm, Rabbi Rob Thom
Rob,
I am going to assume you want it to spit out 10G clean, what size dirty traffic
are you expecting it to handle?
Ryan
On Nov 17 2019, at 2:18 pm, Rabbi Rob Thomas wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> Hello, NANOG!
> I'm in the midst of rebuilding/upgrading our b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello, NANOG!
I'm in the midst of rebuilding/upgrading our backbone and peering -
sessions cheerfully accepted :) - and am curious what folks recommend
in the DDoS mitigation appliance realm? Ideally it would be capable
of 10Gbps and circa 14Mpps
31 matches
Mail list logo
