# Hardware firewall for blocking DDoS.



## pliopol (Jul 26, 2008)

my setup:

Quart cab
hp proliant 1u, nginx.
hp proliant 2u, windows 2008.
hp proliant 1u, cpanel.
dell poweredge r710, centos.
24 port switch.

i basically need a hardware firewall in the rack to protect those servers, the only thing it needs to do is block ddos.

i have no idea what to choose from, i heard tippingpoint is good but there are so many different versions, i don't know if i need specific plugs on the back to be compatible with my hardware, or if i can choose any of them?

the ddos on some occasions can burst to 1Gbits/second.

thanks if anyone can advise.


----------



## Wand3r3r (Sep 17, 2010)

any soho router I have seen will stop ddos attacks.
your concern shouldn't be just for the servers but your entire network.

sonicwall is a hardware firewall that has an expanded feature set with subscriptions.
if you're a linux person you can consider a pc with two nics and untangle.


----------



## pliopol (Jul 26, 2008)

i should also mention that it all runs from a datacenter so my options are limited and i don't have access.

thanks.


----------



## Wand3r3r (Sep 17, 2010)

what do you mean by "from a datacenter"? Your internet connection comes thru the data center?

How are you determining you have dos attacks? if in a corp setting these attacks should never make it to your servers. This would indicate a peer to peer attack [someone inside the network]


----------



## JMPC (Jan 15, 2011)

Worth reading:
Defeating DDOS Attacks [Cisco Guard DDoS Mitigation Appliances] - Cisco Systems

No router or firewall is going to completely stop DOS attacks. Sure, if it's coming from one IP, no problem, block the IP. A distributed large scale attack will take much more effort to mitigate.


----------



## pliopol (Jul 26, 2008)

Wand3r3r said:


> what do you mean by "from a datacenter"? Your internet connection comes thru the data center?
> 
> How are you determining you have dos attacks? if in a corp setting these attacks should never make it to your servers. This would indicate a peer to peer attack [someone inside the network]


i'm saying the hardware is running from a datacenter, so options are limited; all they will be willing to do is plug in and play, i can't go messing with routers.


----------



## pliopol (Jul 26, 2008)

JMPC said:


> Worth reading:
> Defeating DDOS Attacks [Cisco Guard DDoS Mitigation Appliances] - Cisco Systems
> 
> No router or firewall is going to completely stop DOS attacks. Sure, if it's coming from one IP, no problem, block the IP. A distributed large scale attack will take much more effort to mitigate.


when i had servers at Godaddy, they use something called tippingpoint and the ddos always failed, whatever it was and however they set it up, i'm looking for the same or similar thing.

that will be sufficient at this point.


----------



## Wand3r3r (Sep 17, 2010)

pliopol, if you don't have the authority to "mess" with routers I am sure you don't have the authority to be posting for advice.

Really should be talking to the IT folks running the datacenter. None of the ddos traffic should be making it to you.

In other words, if it's getting thru the router/firewall for the datacenter you have a larger issue you cannot address with anything we recommend here.


----------

