ddos mitigation

Danilo Dy
VIP Alumni

Hi,

I need advice regarding implementing ddos mitigation at the distribution layer.

Internet

|

WAN Links

|

Routers

|

Switches

|

Firewall per Server Farm

|

Server Farm

I'm wondering whether implementing DDoS mitigation at the switch, using a Cisco Catalyst 6500 with the Cisco Anomaly Guard Module and Cisco Traffic Anomaly Detector Module, would be a good start?

Appreciate your ddos mitigation expert advice.

TIA

3 Replies

Panos Kampanakis
Cisco Employee

I think the best choice would be to apply it as close to the WAN as possible. So I guess the edge router or switch is the best.

An anomaly detector device can help with learning your traffic and being able to tell when there is an anomaly that might be an attack.

At the same time, Cisco routers can do some attack mitigation, like TCP intercept (making sure hosts exist before finishing the connections), limiting the number of connections to specific limits, etc.

I hope it helps.

PK
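A sketch of the TCP intercept feature mentioned in the reply above, as Cisco IOS configuration. This is an added example, not part of the original thread: the ACL number and the 192.0.2.0/24 server-farm prefix are constructed placeholders, the threshold values shown are the documented IOS defaults, and the exact keyword syntax varies by IOS release.

```cisco
! Constructed example: 192.0.2.0/24 is a placeholder for the server farm prefix.
! Only TCP connection requests matching this ACL are handled by TCP intercept.
access-list 110 permit tcp any 192.0.2.0 0.0.0.255
!
ip tcp intercept list 110
!
! intercept mode: the router answers the SYN on behalf of the server and only
! opens the server-side connection once the client completes the handshake.
! The alternative, "mode watch", lets the SYN through and resets the session
! if it is not established within the watch-timeout.
ip tcp intercept mode intercept
!
! Seconds to wait for a watched session to reach established state
! (applies to watch mode; default 30).
ip tcp intercept watch-timeout 30
!
! Seconds an idle established connection is still managed (default 86400).
ip tcp intercept connection-timeout 86400
!
! Aggressive mode thresholds on total half-open connections: above "high"
! each new SYN evicts an existing half-open entry, until the count falls
! below "low". Tune these to the server farm's normal connection rate.
ip tcp intercept max-incomplete low 900
ip tcp intercept max-incomplete high 1100
!
! Same thresholds, measured as connection requests in the last minute.
ip tcp intercept one-minute low 900
ip tcp intercept one-minute high 1100
!
! Which half-open entry to evict in aggressive mode: oldest (default) or random.
ip tcp intercept drop-mode oldest
!
! Verification from exec mode:
!   show tcp intercept connections
!   show tcp intercept statistics
```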

Hi PK,

Thank you for your reply. I initially chose the distribution switch so as to also protect from internal DDoS from other connections to the switch.

Are the switch model and modules good? Someone told me there is a replacement for those modules I mentioned.

Btw, the WAN link should be able to sustain the DDoS, right? What is the theoretical bandwidth size (incoming, assuming the DDoS is from external) to sustain a DDoS attack?

TIA

"the WAN link should be able to sustain the DDOS right?" Not sure what you mean here.

The WAN link has a bandwidth; if someone sends too much traffic and oversubscribes that link, it will be oversubscribed.

"protect from internal DDOS from other connections to the switch"

Also not sure what you mean. You can limit who connects to the switch, so that can be done also. Also, DoS mitigation can also be done outbound.

The Anomaly modules have been out for some time and the truth is that they are being phased out slowly.

There are other options, like the FWSM firewall module, that you can also evaluate.

I hope it helps.

PK
