RouterOS as a DDoS prevention device

Dear users,

I have a potential customer who is constantly under a DDoS attack from various countries. Currently they have an ASA 5000 series in front of their infrastructure, but they would like to throw the majority of DDoS packets away before they get to the main firewall. Also, ASA only does packet filtering, not application-level filtering. Currently, they have rate limits set up in order to have access to the internet. If they turn it off, the infrastructure behind firewalls goes down. They also have their own AS.

There exist expensive devices such as Radware or F5, but I would like to offer them something more affordable. I was thinking about a 1U Intel Quad-Core CPU server (like HP or something) and RouterOS. They would set up packet rate limiting and also Layer7 filtering.

Questions:

  1. Is Layer7 filtering in RouterOS powerful enough to filter tons of HTTP requests (I would need to filter out the client agent for it is the same in all requests)?
  2. Can RouterOS do SMP? Can it use all the cores of a Quad Core Xeon?
  3. Since they have their own AS I would not like to mess with their routing. I think putting two RouterOS servers in bridge mode in front of their BGP routers would be the best option. What do you think?
  4. What do you think about this solution in general?

Thanks,
Nejko

So no answers to this thread? Anyone?

I have no experience with application inspection on RouterOS, but it will depend on how much traffic there is to filter and what else the router is busy with. Same applies to the ASA of course - it can do HTTP inspection and drop based on user-agent.