Portal Home > Knowledgebase > Articles Database > anti-ddos or firewall hardware
anti-ddos or firewall hardware
| Posted by EricTham, 04-10-2009, 01:56 AM |
| Hi,
I am trying to purchase either a anti-ddos or firewall machine. My main objective is to prevent from ddos attack.
Do i purchase a anti-ddos hardware (please recommend), or firewall hardware (please recommend)?
anti-ddos and firewall is the same right? is about ip analyse and filter right?
After using the ddoss/firewall , i may also want to subscribe to those third party doss prevention which has big bandwidth, if i have a good hardware anti-ddos/firewall already, do i still need to have subscribe to these services?
Please advice,
Thank You
|
| Posted by DigitalLinx, 04-10-2009, 07:32 AM |
| What's your budget? Single Cisco Guard XT 5650 would mitigate most attacks upto 1gbps provided that your uplink can hold 1gbps, but you're looking at around $30-$40K
Last edited by DigitalLinx; 04-10-2009 at 07:35 AM.
|
| Posted by eth00, 04-10-2009, 07:34 AM |
| I don't have pricing off had but as digital mentioned most of the really good anti-ddos stuff is going to be pretty expensive. The best tends to be home grown and not for sale anyways.
If you really think you are going to have a problem with constant attacks you should consider a host that specializes in DDoS mitigation.
|
| Posted by EricTham, 04-10-2009, 09:22 PM |
| But is it truth that whatever hardward i have i must have the bandwidth to take it right? Example i took up a colo with 5 mbits dedicated , my firewall/ddos machine can only handle 5 mbits of incoming , if the attack uses 1gb of mbits of incomming, all my sites will still be down right? (that is why i was suggested to use ddoss host companies that can take in big bandwidth of attack)
|
| Posted by eth00, 04-10-2009, 09:29 PM |
| Correct. You also may be billed for overage, your connection may only be able to take 5-10Mbps but depending on the billing you may be responsible for the entire 1Gbps or they will null route (disable) your IP.
|
| Posted by RioReyEd, 04-12-2009, 03:42 PM |
| I would looke to someone with a dedicated appliance as a lot of internet folks are aware that this problem overwhelms traditional security methods. Firewalls and IPS are both great if you have time to solve the problem or it is a known attack. A dedicated box is designed to catch 'new' attacks. Check us out and others that are only focused on DDoS if you want my opinion.
Last edited by RioReyEd; 04-12-2009 at 03:43 PM.
Reason: typo
|
| Posted by Johnie, 05-07-2009, 12:36 AM |
| hey Eric, so what's your progress? I need to know what have you done right now so we can share similar interests as well
|
| Posted by RioReyEd, 05-08-2009, 09:23 AM |
| Do you still need help? Are you under attack?
|
| Posted by mixmox, 05-09-2009, 07:55 AM |
| hello. we have the same problem and need hardware firewall. because i have install mode securety.mode evasive csf and ... .but my vps is under attack and down many times per day.because off high load average .
i dont know how can i protect my vps from this BIG problem
|
| Posted by eth00, 05-09-2009, 03:25 PM |
| Not really manage options with a VPS. Have you asked your provider what they can do for you? Have you considered another provider like gigenet that advertises itself as an anti-ddos host? http://www.gigenet.com/hosting-solut...rotection.html
To really give specifics for the VPS would have to know more of what type attack you are having a problem with.
|
| Posted by RioReyEd, 05-11-2009, 07:40 AM |
| nimafire,
DDoS is a growing problem for many because it's so easy to launch. The guys doing this merely push a button and a botnet somewhere just loops away generating traffic. You have basically 2 choices either run your traffic through someone that protects you or invest in a hardware solution for yourself. I'm biased of course, however if you chose hardware do a comparision on us along with the others like Cisco that are here and you'll be able to find a solution.
Good Luck.
|
| Posted by JonathanWest, 05-11-2009, 09:41 AM |
| uhmm guys.. im sorry for this but.
configuring iptables of any other firewall, using mod security and any other module for apache.. all that things will never stop a real DDoS attack.
A DDoS attack do not only affect the Target Machine.. the DDoS attack try to consume all the resource of the target including all the bandwidth. so .. to really stop the attack you must have special infraestructure at layer network to stop him .. that include, uplinks, enough bandiwdth, hardware to identify and drop the bad traffic and in the last point maybe a good local firewall configuration in the service machine.
that is the problem with the DDoS.
mitigate and fight against that kind of attacks is expensive if you want to try for your self.
Recomendation, look for a good company who offer what you want but with DDoS Mitigation Service.
|
| Posted by JonathanWest, 05-11-2009, 09:42 AM |
| rioreyed.
nice.. we have a few rioreys in our network as part of our network mitigation battery, nice hard.
|
Add to Favourites 
Print this Article
Also Read
