North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: IDS/DDOS prevention hardware that doesnt cost $80,000+?
On May 25, 10:45am, "Drew Weaver" <email@example.com> wrote: > I'm wondering if there is such an animal out there? All of > the ones I have seen are made for the multi-gigabit service provider > there aren't any for the smaller mid-rangers out there. Can anyone > suggest anything that we can put in place? The attacks we're seeing are > just a huge influx of PPS not so much the amount of bandwidth. I'm not sure if I should keep quiet or ... what the heck. FWIW, we're finalising prototypes of a system that may meet your needs. It consists of a central control unit and one or more intelligent filter units you place strategically in your network (you typically want to filter as close as possible to your ingress points). The general functionality is that when you detect (by whatever means you choose, we don't do any intrusion/"cold" detection) an attack on one or more targets inside your network, you redirect traffic to the filter(s) (this is done using BGP updates from the control unit, but let's not go into more details right now), which then deploy a unique and highly innovative method (patent pending) for identifying and filtering out the attack traffic, while letting bona fide traffic through unhindered. An upcoming revision will support explicit ACLs (ie, black- and white-listing of traffic sources) for you to upload if you have tools that generate those, as well as various traffic control functions. There will also be strong profiling and offline analysis support, and hopefully some nifty graphical tools. The basic filter unit has a capacity of about 1 million pps, and comes as standard with a gigabit ethernet interface (1 Mpps translates roughly to a fully loaded Gbit ethernet at minimum frame size). Beware of people that quote capacity in bps rather than pps; dumb bits beyond the packet header don't cost anything to transport, so you can quote enormous capacities if you envisage an attack with large packets. But you probably knew that already. Physically it's a rackmount 1U box with some very noisy fans (machine room placement only). USD pricing is TBD but will be very interesting. Let me know if you're interested, and I'll get in touch when we're closer to real production, which isn't far away (a couple of months). Best, -- Per