Experience on Wanguard for 'anti' DDOS solutions
- Subject: Experience on Wanguard for 'anti' DDOS solutions
- From: marcel.duregards at yahoo.fr (marcel.duregards at yahoo.fr)
- Date: Sat, 15 Aug 2015 14:07:37 +0200
- In-reply-to: <CAOLsBOv4quzg9a4Y5to7qVyy2=_U-uysKzO2hDwYuMDWSqffxQ@mail.gmail.com>
- References: <CAOLsBOuQP1m8u=1H_nre9jaExONfJ16rs0h=O4m7_+Gt5q9d7g@mail.gmail.com> <[email protected]> <CAOLsBOv4quzg9a4Y5to7qVyy2=_U-uysKzO2hDwYuMDWSqffxQ@mail.gmail.com>
One thing which is not so obvious is how to reduce false positives.
This is hard when you have a mix of traffic profiles/patterns within
your network, with customers in different domains (scientists,
financials, video addicted, torrent addicted, etc...) with different
bandwidth.
a)
Has anybody tried to separate IP ranges by traffic profile to apply a
specific rule/profile per IP allocation?
put all financial clients into range X/X and define rule Z
put all scientist clients into range Y/Y and apply rule Q
etc....
Does this help ?
b)
One other method could be to classify customers by their bandwidth.
profile 1. from 10-100M
profile 2. 100-500M
profile 3. 500M-1000M
profile 4. >1000M
Like this you do not mix big BW with small BW customers, and do not get
alerted when a client from profile 4 starts to download at 1G.
Any experience ?
My guess is that solution b is better than a. Not so easy to classify
traffic pattern per group of client.
Thanks, best regards.
- Marcel
On 13.08.2015 06:42, Ramy Hashish wrote:
> Hello Fabien,
>
> And why don't you use A10 for both detection and mitigation?
>
> Thanks,
>
> Ramy
>
> On Wed, Aug 12, 2015 at 6:42 PM, Fabien Delmotte <fdelmotte1 at mac.com> wrote:
>
>> Hello
>>
>> My 2 cents
>> You can use Wanguard for the detection and A10 for the mitigation, you
>> have just to play with the API.
>>
>> Regards
>>
>> Fabien
>>
>>> On 12 August 2015 at 16:28, Ramy Hashish <ramy.ihashish at gmail.com> wrote:
>>>
>>>>
>>>>
>>>> Date: Tue, 11 Aug 2015 08:14:54 +0200
>>>> From: "marcel.duregards at yahoo.fr" <marcel.duregards at yahoo.fr>
>>>> To: nanog at nanog.org
>>>> Subject: Re: Experience on Wanguard for 'anti' DDOS solutions
>>>> Message-ID: <55C992DE.3020906 at yahoo.fr>
>>>> Content-Type: text/plain; charset=windows-1252; format=flowed
>>>>
>>>> anybody from this impressive list ?:
>>>>
>>>> https://www.andrisoft.com/company/customers
>>>>
>>>> -- Marcel
>>>>
>>>>
>>>>
>>> Anybody here compared Wanguard's performance with the DDoS vendors in the
>>> market (Arbor, Radware, NSFocus, A10, RioRey, Staminus, F5 ......)?
>>>
>>> Another question, has anybody from the reviewers tested the false
>>> positives of the box, or experienced any false positive incidents?
>>>
>>> Thanks,
>>>
>>> Ramy
>>
>>
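
Option (b) from Marcel's message at the top of this page, sketched as an added example that is not part of the original thread and not Wanguard's configuration or API: destinations are matched to a customer prefix, the customer's contracted bandwidth selects one of the four profiles, and the alert threshold comes from that profile instead of one flat value. Only the four tiers come from the message; the per-profile thresholds, prefixes, contracted rates and traffic samples are constructed assumptions.

```python
import ipaddress

# Upper bound (Mbit/s) of each bandwidth profile named in the message, paired
# with an ASSUMED alert threshold; the message gives tiers, not thresholds.
PROFILES = [
    (100, "profile 1", 100),
    (500, "profile 2", 500),
    (1000, "profile 3", 1000),
    (float("inf"), "profile 4", 10000),
]

# Constructed customers: prefix -> contracted bandwidth in Mbit/s.
CUSTOMERS = {
    "198.51.100.0/28": 50,
    "192.0.2.0/28": 300,
    "203.0.113.0/28": 2000,
}

# Constructed per-destination inbound rates (Mbit/s) from one sampling interval.
SAMPLES = [("198.51.100.10", 400), ("192.0.2.7", 200), ("203.0.113.5", 1000)]

def profile_for(contracted_mbps):
    """Return (name, alert_threshold) for a contracted bandwidth."""
    for upper, name, threshold in PROFILES:
        if contracted_mbps <= upper:
            return name, threshold
    raise ValueError("unreachable: last profile is unbounded")

def owner_prefix(ip, customers):
    """Longest-prefix match of a destination IP against customer prefixes."""
    addr = ipaddress.ip_address(ip)
    hits = [ipaddress.ip_network(p) for p in customers
            if addr in ipaddress.ip_network(p)]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

def alerts(samples, customers, flat_threshold=None):
    """Destinations over threshold: one flat value, or the owner's profile."""
    out = []
    for ip, mbps in samples:
        prefix = owner_prefix(ip, customers)
        if prefix is None:
            continue  # destination is not in any known customer allocation
        limit = (flat_threshold if flat_threshold is not None
                 else profile_for(customers[prefix])[1])
        if mbps > limit:
            out.append(ip)
    return out

if __name__ == "__main__":
    print("flat 800M:", alerts(SAMPLES, CUSTOMERS, flat_threshold=800))
    print("per tier :", alerts(SAMPLES, CUSTOMERS))
```

With the constructed data, the flat 800M threshold flags only the profile 4 customer pulling 1G, while the per-profile thresholds leave that customer alone and flag the 50M customer receiving 400M.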