Full Version: Cisco Guard
phinsup
Works great, but my question is this: I filled out a ticket and eventually got the Cisco Guard added (I am on a TC server), but from the sounds of the ticket it's not something that's always active; they only activate it when necessary. Is that correct?
cprompt
I believe you only get the reports when there is an attack on your box, so although it's always active, no DOS = no reports.
phinsup
OK, interesting, the trouble ticket said something about it being a limited resource and being removed. I know I wasn't on it originally, but was added. I'd ask support but I have kept them busy enough the last couple days!
awood
The Cisco Guard protection is only enabled during the DDoS attack, as the resources are limited. The Guard is an inline device and can only support a limited amount of total bandwidth. If we use its resources to verify legitimate traffic, we would not be able to offer its protection to all of our customers.

Basically what we've done is split up the tasks (detection and mitigation) between two different devices. Mitigation is handled by the Cisco Guard devices and detection of DDoS attacks is handled by Arbor Network's PeakFlow. Once the attack is detected with PeakFlow, we can use the Cisco Guard to stop the attack.
bman
Do I have to request it for my TC server, or is it there by default for everyone?
Do I have to ask for it to be enabled if I feel I am under attack, or will it work by itself?
DeadEye686
PeakFlow should catch attacks, but if it doesn't, open a ticket and they will put Guard on it. There is no need to request it, it covers everyone on the premium network.
phinsup
Yeah, I had to request it. It took me a while to convince support that I was getting flooded, but once they got the ticket over to security they got on it pretty quick. All in all I was down for about 24 hours, and I can easily live with that.
awood
Hm, you might be able to, but I can't! You shouldn't have to convince support before they escalate it to security. Please, in the future, request they escalate the issue to a security engineer immediately. I'm glad that everything worked out for you, though :)
bman
So I have to request it? It's not auto-detecting? It's not something that protects everyone without us sending tickets?
awood
Technically no, the Guard does not initially detect the attack. We use Arbor Network's PeakFlow and a variety of other networking tools to detect malicious and anomalous traffic. From there, we enable the Cisco Guard protection, which can identify the malicious traffic and block it at our border.

We understand not all DDoS attacks can be detected by Arbor or our technicians due to the very broad array of different types of attacks. Therefore, when you believe you are experiencing an attack that we have not yet detected, please do not hesitate to create a new support ticket or to call our toll-free support line and alert us to the situation. From there we should be able to respond immediately and resolve the effects of the attack.
NetMaster
Adam,

Does Arbor Network's PeakFlow detect SYN Flood Attacks?
awood
Yes, Arbor Network's PeakFlow detects SYN flood attacks. If you are experiencing otherwise, please PM me your server information and I'll take a look to see what's up.

You might also find the related press release at http://www.theplanet.com/about/releases/02082005.html interesting.