Folks
Can a hardware firewall like Snapgear filter DDOS attacks?
Thanks
-ganesh

Greetings:

Presuming it is a true DDoS (rather than a heavy DoS), then I doubt it.

Check out http://www.toplayer.com/content/products/intrusion_detection/attack_mitigator.jsp

Thank you.

You're best bet to fight DDoS is to get your upstream provider to filter the attacks for you on the ISP side of the router. If your being nailed at 100mbps and your link to the ISP is 45mbps more than likely the ISP is using OCx and you wouldnt feel much of anything on your end if you can find exactly how your being attacked and it's all the same type of attack. But if it was a mix of syn flooding, port flooding on popular ports and ICMP/UDP attacks and it was from mixed ISP's you might just disable inbound ICMP/UDP and then filter syn and port attacks individually.

DoS attacks can be mitigated, at the upstream level. But it is the punishing Distributed DoS attacks that you will have a serious problem with, unless you and/or your service provider has the gear installed for it.

Some companies that make excellent DoS/DDoS gear are: (in no particular order):

Riverhead Networks (now part of Cisco)
Mazu Networks
Captus Networks
Foundry Networks (their ServerIron line)
Top Layer Networks (thier IPS 5500)
Netscreen (now part of Juniper Networks)
Arbor Networks