
netsec-sig - Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?

Subject: Internet2 Network Security SIG



  • From: "Sullivan, Jason W - (jsullivan)" <>
  • Subject: Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?
  • Date: Tue, 20 Nov 2018 20:03:36 +0000

Dan,
Arbor SP is for monitoring only. Now that I think about this a bit more, 8k is yearly maintenance only (upgrades/intelligence feeds/etc). Just confirmed our original purchase price was closer to 30k (four edge rtr's and 30 fps).
regards,
Jason


On 11/20/18 12:33 PM, Magorian, Daniel F. wrote:

Thanks guys, I’ll check into Kentik and Fastnetmon. 

 

So Jason, are you saying that for $8k you licensed Arbor SP Virtual Peakflow, and use it for triggering only?  Or do you scrub with it as well?

 

I’m trying to figure out which service or software that is, very confusing, esp. after the Netscout acquisition.

 

http://resources.arbornetworks.com/wp-content/uploads/DS_Flexible_Licensing.pdf

 

https://www.netscout.com/product/arbor-cloud

 

Thanks,  Dan

 

From: On Behalf Of Sullivan, Jason W - (jsullivan)
Sent: Tuesday, November 20, 2018 2:04 PM
To:
Subject: Re: [Security-WG] What tools do people use to trigger Zenedge/Oracle Dyn's scrubbing service?

 

https://github.com/pavel-odintsov/fastnetmon was a decent tool, although we ditched it for virtual Arbor SP (Peakflow) - was 8k for perpetual licensing, 20k fps.

 

On 11/20/18 12:01 PM, James Deaton wrote:

I know that several of the state networks are using Kentik to trigger it. I think some of them are on this list but if they don't speak up, I'd be happy to connect you with some folks. I know one of them left RapidBGP because of the lack of controls and issues they ran into and use Kentik to do the triggering now.


-- 

James

On Nov 20, 2018, at 12:41 PM, Daniel F. Magorian wrote:


Hello Security WG folks!

We are having issues with ZenEdge/Oracle Dyn's RapidBGP triggering of their scrubbing, and while they're figuring that out, I thought I would ask people what tools they use to trigger scrubbing of subsets of your prefixes.

Yes, I know several folks have Arbor Peakflow boxes for on-prem scrubbing, and use these to signal Zenedge's as well.

So does anyone have a netflow-based tool that seems to work well?

Thanks, Dan

-----Original Message-----
From: Magorian, Daniel F.
Sent: Wednesday, October 3, 2018 10:34 AM
To:
Subject: RE: [Security-WG] What are folks' experience using Zenedge's scrubbing service....

We have the RapidBGP alerting service, and the main issue is false positives from stuff like big user downloads and high volume of inbound traffic to our Forcepoint/Websense http proxies. They're supposed to trigger on multiple criteria not just volume, but when we complain to their tech support, they respond a few days later saying they'll adjust something or other, all very non-transparent. They have also promised more useful stuff in the portal; right now it doesn't even know about the alerts they've sent you email about, basically broken. Still a work in progress...

Dan

-----Original Message-----
From: On Behalf Of Steven Wallace
Sent: Wednesday, October 3, 2018 10:25 AM
To:
Subject: [Security-WG] What are folks' experience using Zenedge's scrubbing service....

Greetings all,

Grateful if folks could share their experience using Zenedge’s scrubbing service. Specifically, how does engaging, and removing, the scrubbing service affect access to the hosts being scrubbed?

Is there a hit? Do users notice?

Thanks,

Steve

 

 
