

DDOS hardware filter or software? Which is needed?




Posted by srinidhi95, 08-27-2010, 02:59 PM
Hi, my server is currently protected with a DDOS hardware filter (CISCO™ GUARD). I also use CSF, which is a software firewall, for DDOS protection. Now I wonder: is the hardware firewall needed? Won't CSF manage all DDOS protection? Please advise me. I think this because I'm spending more for the hardware firewall. I'm using the server for providing shared hosting. Thanks.

Posted by Matthew_B, 08-27-2010, 03:14 PM
Firewall protection by CSF is OK, but it can only really cope with seriously small attacks, and unless you pay for server-level DDOS hardware, which for this post I assume you won't, you have very little protection! What you have above can only just cope with a small attack, really.

Posted by LynxUser, 08-28-2010, 09:20 AM
CSF, Mod_security, API, Mod_evasive: they all do exactly the same, to be honest. They can cover nearly all attacks. A hardware firewall will obviously be better but can still go down with botnets. Mostly it depends on the machine acting fast enough to trigger the blocking. You could have the best hardware firewall, but if the machine is rather slow it won't act quickly enough. Most datacenters these days have packet scanning anyway, so you could have it; you need to ask your main host. Basically, what it does is, if an attack is in place, the datacenter will filter the traffic before allowing any connection to your machine.

Posted by khunj, 08-28-2010, 11:07 AM
CSF does not have any DDoS protection, and firewalls are useless because it is not their job to fight DDoS. We don't put a firewall in front of an HTTP server; we put it behind, to protect access to the DB servers for instance. What you need is an anti-DDoS appliance or a protected network. There isn't any other alternative.

Posted by Hoodz, 08-28-2010, 11:49 AM
People who think CSF is for DDoS protection need to rethink what they are doing... it's worthless.

Posted by LynxUser, 08-28-2010, 11:55 AM
Mod_evasive is pretty decent for small DoS attacks. There are a few others that can handle small DoS. There may be more that I don't know of.

Posted by ddosguru, 08-28-2010, 11:59 AM
I would actually rank CSF higher than some of the legacy DDoS appliances (eg. Cisco Guard, TopLayer, Radware) in terms of overall usefulness.

Posted by LynxUser, 08-28-2010, 12:03 PM
So for small DoS / SYN / TCP packets, what would you suggest for him? I'm also interested in what's being used.

Posted by Setup Link, 08-28-2010, 04:23 PM
use denyhosts


