Thread: DDOS protection

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    DDOS protection

    Many members here work in production environments and this question is for you. What are you using for DDOS prevention/protection for your public-facing web servers? Open source or commercial. Checkpoint is just not cutting it and we are urgently looking for reasonable alternatives.

    Any suggestions?

    Edit: looks like Dragon IPS might be the ticket!

  2. #2
    Member imported_anubis2k7's Avatar
    Join Date
    Jun 2006
    Posts
    115


    A separate external hardware-based firewall appliance?
    "Sure is for people with nothing on the line.....you and me? We just get on with it."

    -Garabaldi

  3. #3
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    21


    I work as a security engineer at a decent-sized unmanaged hosting provider with 8 data centers and approximately 50,000 servers, so I handle a good amount of the Checkpoint configurations for a majority of our clients (somewhere around 1100). First let me say I really like Checkpoint, but at the same time I do understand your problem. I am guessing you're using one of the smaller solutions like a X16 or a XU. For starters, a firewall is in no way an answer for DDoS attacks. And any firewall, if you hit it with enough traffic, even traffic it is rejecting or dropping, will eventually be crippled. That being said, from what I have seen Checkpoint can in no way live up to the numbers that it says it is capable of. At the same time though, let me say I don't know your situation, every situation is different, and quite possibly there is a better solution than taking this on yourself. At my work we offer Cisco® Guard XT 5650 DDoS Mitigation Appliance from Cisco Systems, Tipping Point, Arbor Peakflow, Real Secure Sensors and a host of other solutions to provide the DoS and intrusion detection and mitigation solutions.

  4. #4
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660


    I always found this to be an interesting subject. Not the DDoS itself but the prevention measures and what to do when you come under attack. It seems like a difficult task to become invulnerable to such an attack.

  5. #5
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    21


    You're right, and to be honest the only real answer is bigger servers with more RAM. And maybe backbone blocking from your edge provider if you can narrow down the attack to a certain region that you don't really need to allow access to your sites. Every situation is truly different.

  6. #6
    Senior Member shamanvirtuel's Avatar
    Join Date
    Mar 2010
    Location
    Somewhere in the "Ex" human right country
    Posts
    2,988


    I agree with you, codak, there are few solutions ......

    Are you aware of Cisco Guard?

    http://www.cisco.com/web/about/cisco...uard_Print.pdf

    If not, you may be interested...
    Watch your back, your packetz will belong to me soon... xD

    BackTrack :
    Giving Machine Guns to Monkeys since 2006

  7. #7
    Just burned his ISO
    Join Date
    Mar 2008
    Posts
    21


    Yep, that's actually exactly what we use.

    I've never seen that pdf though. That will be useful for work. Thank you.

    I refrained from saying where I worked so as to not make Checkpoint upset. I do like their firewalls, but they offer little in the way of stopping a full-scale DDoS attack and typically end up being the first single point of failure in this type of situation.

  8. #8
    Junior Member
    Join Date
    Jan 2010
    Posts
    42


    I should have mentioned that we do have Cisco Guard in place. It’s just everything’s so manual when it comes to a DDoS attack, and I’ve seen all kinds, from port 80 attacks using DNS packets at 1500 to heavy UDP floods at very minute packet sizes all coming from the same net block (which makes it so much easier to block).

    Manually applying filters in Guard dropped traffic from 1Gbps to 30Mbps. But it’s all a manual venture that somehow always seems to start right as you're trying to leave for the day.
