cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Anti DDOS

Jump to solution

Hello,

Is there an anti-ddos feature on NS-5200? if there is how to set it up and best practice fot it.

Regards,

 

1 Solution

Accepted Solutions
McAfee Employee lpinheir
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Anti DDOS

Jump to solution

Hi,

The NSP can help you with a lot of mechanisms.

  • Volume-based DoS Detection
    • Threshold-Based
    • Learning-Based (DoS Profile)
  • Exploit-based DoS Detection
  • Mitigation Techniques using (Statical Anomaly, SYN Cookie, ACLs, Connection Limiting etc..)

For details about how to use those features and best practices, I strongly recommend you to take a look at McAfee Network Security Platform (DoS Prevention Techniques) Documentation:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22959/en_US/...

Cheers

Lucas

 

 

5 Replies
McAfee Employee lpinheir
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Anti DDOS

Jump to solution

Hi,

The NSP can help you with a lot of mechanisms.

  • Volume-based DoS Detection
    • Threshold-Based
    • Learning-Based (DoS Profile)
  • Exploit-based DoS Detection
  • Mitigation Techniques using (Statical Anomaly, SYN Cookie, ACLs, Connection Limiting etc..)

For details about how to use those features and best practices, I strongly recommend you to take a look at McAfee Network Security Platform (DoS Prevention Techniques) Documentation:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22959/en_US/...

Cheers

Lucas

 

 

McAfee Employee lpinheir
McAfee Employee
Report Inappropriate Content
Message 3 of 6

Re: Anti DDOS

Jump to solution

Did it help you?

Re: Anti DDOS

Jump to solution

Sorry for the late reply and thank you for the answer.

 

I've checked on the device all the signature for anti ddos attack is already activated, so signature wise I should not worried anymore I think. 

But how strong NS5200 against ddos attack?

McAfee Employee lpinheir
McAfee Employee
Report Inappropriate Content
Message 5 of 6

Re: Anti DDOS

Jump to solution

All NS Series appliances have the same features against DDoS. About how strong it is, you should focus on Volume DoS Attacks, and in that case, is good to understand how much traffic does the sensor can handle. You can check those details looking at the NS Series Product Datasheet:
https://www.mcafee.com/enterprise/en-us/assets/technical-specifications/ts-network-security-platform...

Reliable Contributor brenta
Reliable Contributor
Report Inappropriate Content
Message 6 of 6

Re: Anti DDOS

Jump to solution

@SOCNSBSB, you have discovered the typical problem with any DDOS appliance. Fundamentally, to inspect the traffic to determine if the traffic is part of an attack you must accept it. Once your connection is saturated denying packets won't have a positive effect on real customers, as their packets and connections are getting throttled.

The only real way to implement protections against this is to have a connection (and hardware) large enough, or be able to distribute the attacks globally. Using techniques that are outside of the attackers control, such as any cast routing. This often takes the form of using a provider such as a CDN (Akami, Cloudflare, etc...) with global distribution. 

You can also do some upstream null routing, where by you send BGP messages to your upstream peers such that traffic sent to you from locations is discarded before these packets become concentrated on your network.

These are the only 2 options when trying to avoid an attack where disruption of service is achieved by saturation of bandwidth.

Brent
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community