
DDoS Appliance


I am looking for a DDoS Appliance to be put in my Datacenter. What would you recommend?

I was taking a look into the Cisco Guard XT 5650, but it requires a separate module to switch 6500, which I don't have.

Would anybody recommend a standalone DDoS Appliance that would be effective for our needs?

Thank you.
1 Solution
My checkpoint firewall covered this for me.
maxihost (Author) commented:
I am looking for something DDoS specific. Anybody heard about the Intru Guard?
Garry Glendown (Consulting and Network/Security Specialist) commented:
FortiGates also have DoS sensor/mitigation in it (along with IDS/IPS and full-fledged firewall) ... One general word of warning though - there's no "silver bullet" against (D)DoS ... even if you can keep the attack away from the targeted system, it might still overload components on the way to that system ... if you are running any presence you expect might be attacked, make sure you have the 24/7 number of your uplink(s) in order to have someone to call when you get hit ...
My current employer uses a FortiGate + FortiWeb + FortiMail based front line of defense for networking, email, and web application security needs. They have all performed admirably and get regular updates for network based IPS/IDS scanning, as well as network antivirus. With the FortiGates providing firewall, IDS/IPS and routing, and the FortiWeb/Mail providing similar solutions on their relevant domains, it has been a wholly effective solution, while remaining easy to manage.
Rich Rumble (Security Samurai) commented:
Our ISPs all offer DDOS protection, I'm not sure what they use but it is effective, we also utilize a lot of Akamai's services and have withstood gigs of DDOS over short periods of time. Most firewalls and routers from Cisco have some DDoS mitigation, but there is nothing better than getting it upstream before it even gets to your network by using the ISP. BT/Verizon/AT&T/Qwest/MCI all offer DDoS protection if you ask for it, we've negotiated longer contracts as long as they threw in DDoS protection, and some just offer it as part of the normal service. We might have bigger pipes than most, but never hurts to ask.
And remember, in this day and age, no matter what you buy, YOU won't be able to stop an attack that eats all your pipe...
Your ISP will have to do it, and even then it's not guaranteed to help, as there are new vectors to explore, and one laptop might be able to DOS your site just by requesting SSL handshakes over and over. If your SSL and HTTP site are on the same servers, then the work they are doing trying to serve SSL will cripple the whole server until the attack is abated. An IPS might help in this case, and perhaps the ISP could catch it, but a small firewall rule (or IPS) would work here: http://www.thc.org/thc-ssl-dos/
I still recommend checkpoint. Some ISPs do it, but how well... I won't be able to say.
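Added example, not part of the thread: the repeated-SSL-handshake case described in the comment above is what a per-source rate check is meant to catch. This sketch counts TLS handshakes per source in a sliding window over a constructed connection log; the log format, event names, addresses and thresholds are all assumptions.

```python
from collections import defaultdict, deque

def parse(line):
    """Parse one constructed log line: '<epoch_ms> <src_ip> <event>'."""
    ts, src, event = line.split()
    return int(ts), src, event

def flag_handshake_floods(lines, window_ms=10_000, limit=20):
    """Return {src_ip: peak} for every source whose TLS handshake count
    inside any window_ms span exceeds limit (thresholds are assumptions)."""
    recent = defaultdict(deque)   # src -> handshake timestamps still in window
    peak = defaultdict(int)       # src -> highest in-window count seen
    for line in lines:
        if not line.strip():
            continue
        ts, src, event = parse(line)
        if event != "tls_handshake":
            continue              # plain HTTP requests are not counted here
        q = recent[src]
        q.append(ts)
        while ts - q[0] >= window_ms:
            q.popleft()           # drop handshakes that aged out of the window
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > limit}

def sample_log():
    """Constructed sample: one source handshaking every 200 ms for 12 s,
    one ordinary client handshaking every 4 s, and some plain HTTP GETs."""
    base = 1_000_000
    lines = [f"{base + i * 200} 192.0.2.10 tls_handshake" for i in range(60)]
    lines += [f"{base + i * 4000} 198.51.100.7 tls_handshake" for i in range(4)]
    lines += [f"{base + i * 400} 203.0.113.5 http_get" for i in range(30)]
    lines.sort(key=lambda l: int(l.split()[0]))   # interleave by time
    return lines

if __name__ == "__main__":
    for src, n in flag_handshake_floods(sample_log()).items():
        print(f"{src}: peak of {n} TLS handshakes in a 10 s window")
```

A source flagged this way is a candidate for a rate-limit or drop rule on the firewall or IPS; the check does nothing once the uplink itself is saturated.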
Rich Rumble (Security Samurai) commented:
Depends on the DOS type and methods. HTTP GETs from legit (non-spoofed) addresses, and there is enough BW left to send the RST packets, just about anything will do. The LOIC is another example of an easy one to defend against, but once the BW is gone it's beyond our control, and peering or ISP intervention will have to be used. http://en.wikipedia.org/wiki/LOIC
We've had to drop routes for China and other countries at times, even cut off peering. What has saved us the most was using a caching engine (Akamai) so that legit customers still get served even when we were under attack. So don't just look for the "best anti-DDOS" system; you may instead, and/or in addition, look at how you can still operate even when under attack that doesn't involve blocking/resetting connections.