From: Faisal Khan (faisal@netxs.com.pk)
Date: Wed Jan 12 2005 - 08:39:49 EST
Thank you folks for the tons of links/suggestions people have forwarded.
Its kinda scary at times to see the number of tools out there that can
cripple systems. The hard part was trying to turn the antivirus agents
running on our servers off, to use these software, most were flagged as
trojans by Trend Micro, etc.
Just to answer a question someone posted, we are trying to determine three
things here. When a massive DDoS attack occurs on our network (say
something in the size of 100-150Mbps), averaging 30,000-45,000 pps (setup
rate of about the same), does it totally saturate our network (or more
specifically that of our service provider)? Also, the thresholds we've
assigned on the mitigation gear, how fast and effectively do they kick in.
But perhaps the most important point to discover is that are we able to
connect remotely to our servers that are being attacked - via the same
channel through which the DDoS attack is coming in thru.
We'll be carrying out the tests next weeks, once we have decided on a
couple of softwares and have had a successful lab test run. If anyone is
interested in the results, etc. do email me and I'll be glad to share after
sanitizing IPs of course.
Some of the mitigation equipment we would be testing are: Foundry
ServerIron/BigIron, TopLayer IPS 100 and IPS 5500, Netscreen 200,
BarbedWires DP Inspector and possibly mitigation gear from either Mazu or
Riverhead.
Faisal
Faisal Khan, CEO
Net Access Communication
Systems (Private) Limited
________________________________
Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting
Visit www.netxs.com.pk for more information.
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT