North American Network Operators Group


Re: IDS/DDOS prevention hardware that doesn't cost $80,000+?

  • From: Per Gregers Bilse
  • Date: Wed May 25 15:23:56 2005

On May 25, 10:45am, "Drew Weaver" <[email protected]> wrote:
> I'm wondering if there is such an animal out there? All of
> the ones I have seen are made for the multi-gigabit service provider;
> there aren't any for the smaller mid-rangers out there. Can anyone
> suggest anything that we can put in place? The attacks we're seeing are
> just a huge influx of PPS, not so much the amount of bandwidth.

I'm not sure if I should keep quiet or ... what the heck.

FWIW, we're finalising prototypes of a system that may meet your needs.
It consists of a central control unit and one or more intelligent filter
units you place strategically in your network (you typically want
to filter as close as possible to your ingress points).  The general
functionality is that when you detect (by whatever means you choose,
we don't do any intrusion/"cold" detection) an attack on one or more
targets inside your network, you redirect traffic to the filter(s) (this
is done using BGP updates from the control unit, but let's not go into
more details right now), which then deploy a unique and highly innovative
method (patent pending) for identifying and filtering out the attack
traffic, while letting bona fide traffic through unhindered.  An upcoming
revision will support explicit ACLs (i.e., black- and white-listing of
traffic sources) for you to upload if you have tools that generate those,
as well as various traffic control functions.  There will also be
strong profiling and offline analysis support, and hopefully some nifty
graphical tools.

The basic filter unit has a capacity of about 1 million pps, and comes as
standard with a gigabit ethernet interface (1 Mpps translates roughly to a
fully loaded Gbit ethernet at minimum frame size).  Beware of people that
quote capacity in bps rather than pps; dumb bits beyond the packet header
don't cost anything to transport, so you can quote enormous capacities
if you envisage an attack with large packets.  But you probably knew that
already.  Physically it's a rackmount 1U box with some very noisy fans
(machine room placement only).  USD pricing is TBD but will be very
interesting.

Let me know if you're interested, and I'll get in touch when we're
closer to real production, which isn't far away (a couple of months).

Best,

  -- Per
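The pps-versus-bps sizing point in Per's post, worked through as an added example (not code from the post or from the product described). It assumes standard Ethernet framing: a 64-byte minimum and 1518-byte maximum frame (FCS included), plus 8 bytes of preamble/SFD and 12 bytes of inter-frame gap on the wire per frame.

```python
# Added illustration: why a packet filter should be rated in packets per
# second (pps) rather than bits per second (bps). Ethernet constants are the
# standard ones; the 1 Mpps appliance figure comes from the post above.

PREAMBLE_AND_IFG = 20   # bytes of wire overhead per frame (8 preamble/SFD + 12 IFG)
MIN_FRAME = 64          # bytes, FCS included: the worst case for a filter
MAX_FRAME = 1518        # bytes, FCS included: the size that flatters a bps rating


def wire_bits_per_frame(frame_bytes: int) -> int:
    """Bits one frame occupies on the wire, overhead included."""
    return (frame_bytes + PREAMBLE_AND_IFG) * 8


def max_pps(link_bps: float, frame_bytes: int) -> float:
    """Highest packet rate a link can deliver when every frame is frame_bytes long."""
    return link_bps / wire_bits_per_frame(frame_bytes)


def bps_handled(pps_capacity: float, frame_bytes: int) -> float:
    """Throughput a box rated at pps_capacity 'handles' if all packets are
    frame_bytes long (frame bits only, no preamble/IFG). Assuming large
    packets is how a bps figure gets inflated without the box getting faster."""
    return pps_capacity * frame_bytes * 8


def sizing_table(pps_capacity: float, link_bps: float = 1e9) -> list[dict]:
    """For several frame sizes: what the link can throw at the filter, what the
    filter's bps 'capacity' would be quoted as, and whether it keeps up."""
    rows = []
    for size in (MIN_FRAME, 128, 512, MAX_FRAME):
        link_pps = max_pps(link_bps, size)
        rows.append({
            "frame_bytes": size,
            "link_max_pps": link_pps,
            "box_bps_claim": bps_handled(pps_capacity, size),
            "keeps_up_with_link": pps_capacity >= link_pps,
        })
    return rows


if __name__ == "__main__":
    # A 1 Mpps unit on a fully loaded gigabit link, as in the post.
    for r in sizing_table(1_000_000):
        print(f"{r['frame_bytes']:5d} B frames: link offers {r['link_max_pps']:>10,.0f} pps, "
              f"box 'rated' {r['box_bps_claim']/1e9:6.2f} Gbps, "
              f"keeps up: {r['keeps_up_with_link']}")
```

The same 1 Mpps box reads as roughly 0.5 Gbps at minimum frame size and over 12 Gbps at maximum frame size, which is exactly why a bps rating says little about a PPS flood.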