DDoS attacks

Just about every security, network and ADC vendor out there is claiming anti-DoS capabilities. Be careful when going that route and do your own validation. I suggest looking at Radware and Arbor (both leaders in the market). To successfully mitigate an attack, the ideal solution will weed out the attack and allow legitimate traffic to continue. Many of the solutions in the commercial market are not much more than rate limiters and are not very forgiving.

Just as important, realize that while spoofed UDP floods are popular, they are often only the first vector; if successfully mitigated, attackers quickly adjust and follow with more complex vectors such as application attacks toward HTTP, SSL, DNS query floods, etc. Remember their goal is to bring you down, divert your attention while they steal your data, or perhaps transfer funds. They will go to great lengths to achieve their end result. As you can imagine, it's much harder to identify the attack characteristics, or for that matter the attacker, in these more complex cases.

In summary, I'm a firm believer in a hybrid approach with a combination of infrastructure ACLs, RTBH, QoS, uRPF, TCP stack hardening, local anti-DDoS appliances for application attacks and network floods under link capacity to allow you to stay up while deciding to shift routes into the cloud, and the ability to swing upstream to a cloud scrubbing center (in house or third party).