On Sat, Jul 30, 2016 at 11:05:48PM -0500, Brady Kittel wrote:
> I worked at a shop for a while that used Arbor Networks solution with good success. From what I recall it requires the upstream carrier to support it so you'd have to see if yours do.

I replied offlist to the OP.

There are so many ways to operate denial of service attacks. Some of them are bandwidth eating (ICMP, SYN, UDP flooding), some of them attack the assets (HTTP slow accept, high fake query/request, etc). Each of these needs a slightly different approach.

Arbor Networks works quite well if both ends have it - very true and also very, very expensive.

F5 has stuff built in to protect assets but also can be very expensive.

Fortigate firewalls have some decent stuff in them for relegating throughput and dropping bad traffic at the edge but will require some tuning. IPS/IDS is quite good as well. But once the traffic is at your edge, and the attack is to burn your bandwidth, you've already lost. But if application attacks are going on then FGT can help.

CloudFlare moves the endpoint into their network and has come a long way since I first learned of them. Think of it as a reverse proxy for HTTP-type termination and your global DNS server.

There are so many things that can help mitigate depending on the type of attack - that needs to be determined :)

--
Mike Horwath, reachable via drechsau@Geeks.ORG