Andrisoft WANGUARD

Portal Home > Knowledgebase > Articles Database > Andrisoft WANGUARD

Posted by JTY, 04-16-2013, 04:11 PM
Has anyone used WANGUARD? I'm curious how well it works, and just how big of an attack it can mitigate. Basically, we're evaluating several possible options for attack mitigation. And, the price for WANGUARD is pretty cheap, so if it works, that'd be awesome.
Posted by FWH Nicolas, 04-16-2013, 04:20 PM
Wanguard is a software I think, you can't block a BIG attacks with a software.
Posted by JTY, 04-16-2013, 04:33 PM
It is a software solution. Runs on separate server to intercept and filter the traffic.
Posted by CNSERVERS, 04-16-2013, 04:47 PM
The monitor/detection part of the software is ok, it's a bit buggy but it's much cheaper than other similar solutions. The filtering part I highly doubt it's effective against complex attacks.
Posted by pass, 04-17-2013, 10:52 AM
One Juniper MX80, WANGUARD, 1 Server as Sensor (jFlow Analyzer), 1 Server for Filtering (Intel X520 who use HW) give you the same as $250K+ spent for Arbor :-) I don't know the limits, but with proper config it was able to handle 4mpps (we don't get any bigger attacks). You can do much by optimizing all together, like use Router capabilities where possible, block attacker IP's on Router (Juniper provide a nice API where you can inject them by a Cron script), use this nice Intel X520 with HW Filtering and so on... @Cloudexity The Software detects anomaly, same as on any Arbor appliance. The filtering should be handled by Hardware, which today don't cost much as long you don't break 10G.
Posted by nekrogoblikon, 05-29-2013, 10:47 PM
Does anyone know of similar software to Andrisoft's Wanguard? We've been trying to get it running for a week now and their support is terrible so we've given up trying to work with them. We're just looking for something to take netflow and alert us to traffic anomalies. Automating actions like pushing null routes upstream is a bonus.
Posted by XLHost, 06-06-2013, 10:13 AM
If you can easily define "anomalies" you can do this with nfdump + cron + a route reflector + whatever scripting language you are familiar with. Write a script that uses nfdump to find the anomalies and adds the IP to your route reflector. The route reflector then reflects the route to the edge of your network where it will be announced with your upstream provider's Blackhole community. The process of blackholing a reflected route is commonly known as RTBH or real-time black holing. You should now have everything you need to make this happen =) -Drew
Posted by kaniini, 06-06-2013, 07:20 PM
We hacked something up for this a while ago. A few DCs use it: http://bitbucket.org/tortoiselabs/ddosmon Support can be provided on a commercial basis if needed, PM me if you want to talk about pricing I guess.