02-18-2010 11:50 PM - edited 03-09-2019 10:50 PM
Hi,
I need advice regarding implementing DDoS mitigation at the distribution layer.
Internet
|
WAN Links
|
Routers
|
Switches
|
Firewall per Server Farm
|
Server Farm
I'm wondering whether implementing DDoS mitigation at the switch, using a Cisco Catalyst 6500 with the Cisco Anomaly Guard Module and the Cisco Traffic Anomaly Detector Module, would be a good start.
I would appreciate your expert DDoS mitigation advice.
TIA
02-19-2010 09:54 AM
I think the best choice would be to apply it as close to the WAN as possible. So I guess the edge router or switch is the best.
An anomaly detector device can help with learning your traffic and being able to tell when there is an anomaly that might be an attack.
At the same time, Cisco routers can do some attack mitigation, like TCP intercept (making sure hosts exist before finishing the connections), limiting the number of connections to specific limits, etc.
I hope it helps.
PK
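The TCP intercept feature mentioned in the reply above, as an added Cisco IOS configuration example that is not part of the original thread. The ACL number, the 192.0.2.0/24 server-farm prefix and the threshold values are assumptions for illustration.

```cisco
! Constructed example: 192.0.2.0/24 stands in for the server farm prefix.
! ACL 101 selects the TCP connections that TCP intercept should protect.
access-list 101 permit tcp any 192.0.2.0 0.0.0.255
!
! Lighter option: watch mode lets the SYN through, observes the handshake,
! and resets connections that do not complete within the watch timeout.
! ip tcp intercept mode watch
! ip tcp intercept watch-timeout 30
!
! Stronger option: intercept mode answers the SYN on the server's behalf
! and only opens the server-side connection once the client has completed
! the three-way handshake, so spoofed sources never reach the server.
ip tcp intercept list 101
ip tcp intercept mode intercept
!
! Aggressive-mode thresholds (assumed values; tune to the learned baseline).
! Above "high" the router starts dropping half-open connections and keeps
! doing so until the count falls below "low".
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
! While in aggressive mode, drop the oldest half-open connection first.
ip tcp intercept drop-mode oldest
```

`show tcp intercept statistics` and `show tcp intercept connections` report the current half-open counts, which helps when choosing the high and low values.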
02-21-2010 06:37 PM
Hi PK,
Thank you for your reply. I initially chose the distribution switch so as to also protect against internal DDoS from other connections to the switch.
Are the switch model and modules good? Someone told me there is a replacement for the modules I mentioned.
Btw, the WAN link should be able to sustain the DDoS, right? What is the theoretical bandwidth size (incoming, assuming the DDoS is from external) to sustain a DDoS attack?
TIA
02-22-2010 06:31 AM
"the WAN link should be able to sustain the DDoS, right?" Not sure what you mean here.
The WAN link has a bandwidth; if someone sends too much traffic to oversubscribe that link, it will be oversubscribed.
"protect against internal DDoS from other connections to the switch"
Also not sure what you mean. You can limit who connects to the switch, so that can be done also. DoS mitigation can also be done outbound.
The Anomaly modules have been out for some time, and the truth is that they are being phased out slowly.
There are other options, like the FWSM firewall module, that you can also evaluate.
I hope it helps.
PK