Solved! Go to Solution.
I agree with @KarstenI - there is no on-premise anti-DDOS solution that works - despite what the sales person says. Using an ISP provided solution is a serious option.
Personally, I move customers who want DDOS protection to someone with serious punch - Amazon AWS. It is usually cheaper than buying ISP DDOS - and it works.
Nothing that is included in the Meraki solution. And in my opinion, if you need something like this, the best option is to choose an ISP that offers this as a service.
I agree with @KarstenI - there is no on-premise anti-DDOS solution that works - despite what the sales person says. Using an ISP provided solution is a serious option.
Personally, I move customers who want DDOS protection to someone with serious punch - Amazon AWS. It is usually cheaper than buying ISP DDOS - and it works.
I also agree with Phil here, and want to give a bit more technical context on this response.
A DDoS falls under the broader umbrella of what's known as a resource exhaustion attack: https://owasp.org/www-project-automated-threats-to-web-applications/assets/oats/EN/OAT-015_Denial_of...
While I've seen varying descriptions, in general, any resource can fall under such an Umbrella, including network bandwidth. If someone's saturating your uplink with garbage downlink traffic, there's very little mitigating it on your network perimeter would really accomplish anyway.
In a more traditional sense, we can't mitigate against a DDoS consuming CPU or memory either; processing that many inbound packets through our IPS and inbound firewall is always going to consume both.
Proper DDOS protection requires multiple routing paths and large amounts of WAN bandwidth, far to expensive to do on your own.
I had a gaming server years ago that got DDOS because of an unhappy user ( someone killed him in game and took all of his stuff) and even having it hosted by a large gaming website their DDOS protection was useless because it turns out they were doing it themselves.