[119076] in North American Network Operators' Group
RE: Pros and Cons of Cloud Computing in dealing with DDoS
daemon@ATHENA.MIT.EDU (Stefan Fouant)
Thu Nov 5 20:36:01 2009
From: "Stefan Fouant" <sfouant@shortestpathfirst.com>
To: "'Paul Ferguson'" <fergdawgster@gmail.com>
In-Reply-To: <6cd462c00911051725w200e5480tb33e68cf377592df@mail.gmail.com>
Date: Thu, 5 Nov 2009 20:35:17 -0500
Cc: 'NANOG list' <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: Paul Ferguson [mailto:fergdawgster@gmail.com]
> Sent: Thursday, November 05, 2009 8:26 PM
>
> On Thu, Nov 5, 2009 at 4:46 PM, Stefan Fouant
> <sfouant@shortestpathfirst.com> wrote:
>
> >>
> >> Actually, no - the miscreants are always going to have more
> bandwidth
> >> at their disposal, plus they utilize attack vectors which provide a
> >> great deal of amplification (including at layer-7) which make
> >> bandwidth largely irrelevant.
> >
> > So if I'm hearing you correctly, you're saying that no matter how
> much
> > infrastructure you have to potentially absorb the problem, there is
> > nothing you can do because the bad guys are always going to have more
> > bandwidth at their disposal. Man, that's a pretty bad position to be
> in
> > for a vendor who's fundamental premise is to sell boxes to deal with
> > these sorts of
> > problems. ;)
>
> Well, the fact of the matter is that you can't put 10 lb. of
> [expletive]
> in a 5 lb. bag, so to speak. :-)
Which is why vendors selling DDoS mitigation equipment will always tell you
to get a 15lb. bag first. ;) Their solutions work, but only if you got a
bag big enough to store a lot of crap.
Stefan Fouant
GPG Key ID: 0xB5E3803D
