[133577] in North American Network Operators' Group


Re: Over a decade of DDOS--any progress yet?

daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Dec 13 11:41:20 2010

From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <4D064684.7080801@brightok.net>
Date: Mon, 13 Dec 2010 11:40:20 -0500
To: Jack Bates <jbates@brightok.net>
Cc: North American Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Dec 13, 2010, at 11:15 AM, Jack Bates wrote:

> On 12/13/2010 8:32 AM, Jared Mauch wrote:
>> Or just buy a gig-e from cogent at 3$/meg/mo (or is it $4 this
>> month?) to burn for ddos.
>>
> *cough* 10G burstable with 1-2G commit. Still cheaper than anything else
> I have or can get, and more likely to handle those large DDOS cases,
> where you can just reroute the affected network through the 10G and
> mitigate with whatever hardware you have.

My point is, there is this 'middle' space where it's hard to justify
spending money on something that isn't used.  Of course it's easy to
view as "insurance" and easier to justify *after* an attack (or loss).
It is hard to proactively justify this type of expense.  If for every
10g of capacity, you had a 40k/year "Security" surcharge, at what point
do you factor this in as part of your regular bandwidth costs vs the
current "down and to the right" pricing trend?

Delivering these services is something I have observed it is difficult
to ask someone to pay for unless they have experience with it.  Most are
willing to start off with the "self-insure" premise until it is too much
to bear, then immediately they are willing to pay 'something' to allow
capital cost recovery.

>> Of course everyone is willing to sell you a seven-figure "solution"
>> for your problems, but once you actually start talking about the
>> usability, ease of provisioning, and the customer education about the
>> caveats most people start to glaze quickly.
>>
>> Even with the right gear, technology, etc.. the vendors don't make it
>> easy to deliver these solutions.
>
> True, but they often will dedicate some time and effort during an
> attack to make things work. There are many in-house custom solutions you
> can use, and we've seen public blacklists use many of them over the
> years. If you want the extra support during the crisis, you pay the 3rd
> party for their product to get it.

I am talking about those purporting to offer ddos solution hardware
either past, present or future.

If it's 2010 or 2011 and you experience flow-control like issues with
your CLI interface, either slow interactive response or garbled
processing (over telnet/ssh) there is something not quite right IMHO.
Then again, I'm known for being a bit of an odd character.

- Jared
